Business Strategy and Cybersecurity Breaches

Authors

Tianpei Li, University of Nebraska at Kearney
Stephanie Walton, E. J. Ourso College of Business

Document Type

Article

Publication Date

6-1-2023

Abstract

This study examines whether a firm’s business strategy is an underlying determinant of cybersecurity breach likelihood. Based on organizational theory, firm strategy can focus on innovation or efficiency, with innovative strategy firms being more likely to have weaker, decentralized control systems, multiple technologies, and greater risk than firms with an efficiency-focused strategy. Following the Miles and Snow (1978) strategy topology, we predict and find that the prospector business strategy is associated with greater breach likelihood. We further explore IT awareness within the firm. Ex ante, it is unclear whether strategic IT policy formation is impounded into a firm’s strategy or can be impacted by individual executives and nonstrategy firm characteristics. We find that IT understanding at the executive or firm level can affect the relationship between strategy and breach likelihood. Collectively, our results indicate that business strategy is a useful indicator in evaluating firms’ cybersecurity activities.

Publication Source (Journal or Book title)

Journal of Information Systems

First Page

51

Last Page

76

Recommended Citation

Li, T., & Walton, S. (2023). Business Strategy and Cybersecurity Breaches. Journal of Information Systems, 37 (2), 51-76. https://doi.org/10.2308/ISYS-2022-033