The Association between Top Management Involvement and Compensation and Information Security Breaches

ABSTRACT

This paper examines how an information technology (IT) executive's position in a top management team and how his/her compensation are associated with the likelihood of information security breaches. Using a sample drawn from multiple sources in the period from 2003 to 2008, we show that an IT executive's involvement in the top management team is negatively related to the possibility of information security breaches. We also find that the amount of behavior-based (i.e., salary) compensation and the pay differences of outcome-based (i.e., bonuses, stock awards, and stock options) compensation between IT and non-IT executives are negatively associated with the likelihood of information security breaches. Our findings shed light on how an IT executive's status in the top management team and the composition of his/her compensation can be related to a firm's IT governance mechanisms.

Keywords:  information security risk management, IT governance, IT executives, information security breach

Source : Juhee Kwon, Jackie Rees Ulmer, and Tawei Wang (2013) The Association between Top Management Involvement and Compensation and Information Security Breaches. Journal of Information Systems: Spring 2013, Vol. 27, No. 1, pp. 219-236