Please use this identifier to cite or link to this item: http://hdl.handle.net/10125/71372

Too Busy to Monitor? Board Busyness and the Occurrence of Reported Information Security Incidents

File Size Format  
0609.pdf 369.44 kB Adobe PDF View/Open

Item Summary

Title:Too Busy to Monitor? Board Busyness and the Occurrence of Reported Information Security Incidents
Authors:Hsu, Carol
Wang, Tawei
Keywords:Organizational Cybersecurity: Advanced Cyber Defense, Cyber Analytics, and Security
board of directors
busy board
information security
information security breaches
Date Issued:05 Jan 2021
Abstract:This paper investigates the association between board busyness (i.e., directors with multiple positions) and the occurrence of reported information security incidents. Building on prior studies of board busyness, this paper argues that directors holding multiple board seats may fail to commit the time and effort necessary to ensure the appropriate information security strategy or investment plans are in place. Our results demonstrate that board busyness is positively associated with reported information security incidents. This effect is larger when independent directors are busy, thus suggesting the importance of the governance role played by independent directors in managing information security risks. The board of directors’ role has been emphasized in anecdotal evidence and IT governance frameworks, but our study empirically demonstrates the board’s relevance in information security strategy and management.
Pages/Duration:10 pages
URI:http://hdl.handle.net/10125/71372
ISBN:978-0-9981331-4-0
DOI:10.24251/HICSS.2021.752
Rights:Attribution-NonCommercial-NoDerivatives 4.0 International
https://creativecommons.org/licenses/by-nc-nd/4.0/
Appears in Collections: Organizational Cybersecurity: Advanced Cyber Defense, Cyber Analytics, and Security


Please email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.

This item is licensed under a Creative Commons License Creative Commons