Too Busy to Monitor? Board Busyness and the Occurrence of Reported Information Security Incidents

Hsu, Carol
Wang, Tawei
Journal Title
Journal ISSN
Volume Title
This paper investigates the association between board busyness (i.e., directors with multiple positions) and the occurrence of reported information security incidents. Building on prior studies of board busyness, this paper argues that directors holding multiple board seats may fail to commit the time and effort necessary to ensure the appropriate information security strategy or investment plans are in place. Our results demonstrate that board busyness is positively associated with reported information security incidents. This effect is larger when independent directors are busy, thus suggesting the importance of the governance role played by independent directors in managing information security risks. The board of directors’ role has been emphasized in anecdotal evidence and IT governance frameworks, but our study empirically demonstrates the board’s relevance in information security strategy and management.
Organizational Cybersecurity: Advanced Cyber Defense, Cyber Analytics, and Security, board of directors, busy board, information security, information security breaches
Access Rights
Email if you need this content in ADA-compliant format.