Too Busy to Monitor? Board Busyness and the Occurrence of Reported Information Security Incidents

Date
2021-01-05
Authors
Hsu, Carol
Wang, Tawei
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
This paper investigates the association between board busyness (i.e., directors with multiple positions) and the occurrence of reported information security incidents. Building on prior studies of board busyness, this paper argues that directors holding multiple board seats may fail to commit the time and effort necessary to ensure the appropriate information security strategy or investment plans are in place. Our results demonstrate that board busyness is positively associated with reported information security incidents. This effect is larger when independent directors are busy, thus suggesting the importance of the governance role played by independent directors in managing information security risks. The board of directors’ role has been emphasized in anecdotal evidence and IT governance frameworks, but our study empirically demonstrates the board’s relevance in information security strategy and management.
Description
Keywords
Organizational Cybersecurity: Advanced Cyber Defense, Cyber Analytics, and Security, board of directors, busy board, information security, information security breaches
Citation
Rights
Access Rights
Email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.