The rapid development of technology and the associated new challenges such as cybersecurity risk triggered the rise of new digital upper echelons such as Chief Digital Officers (CDOs) or Chief Information Security Officers (CISOs). However, there is a lack of theoretical understanding and rigorous empirical examination regarding the impacts of emerging digital upper echelon roles on firm performance. This dissertation develops three essays that examine the rising digital upper echelons’ implications for firm innovation, cybersecurity strategies, and governance.The first essay examines the antecedents of CISO presence on the TMT and its consequences for firm innovation. We conduct a longitudinal empirical analysis using a unique dataset of S&P 1500 firms from several secondary sources. Our study shows that a firm's appointment of a CISO in TMT is positively influenced by the CISO presence in TMT of industry peers and their data breaches. Importantly, we find that CISO presence in TMT increases firms' innovation on average. The presence of a CISO in TMT with more experience in the same industry as the focal firm has a stronger effect on innovation, while CISOs in TMT with more experience in other industries only increase innovation when the firm's industry is not very turbulent. We also found that CISOs in TMT with a business or IT education have a stronger positive impact on firm innovation. This research is the first to assess the impact of CISO presence in TMT on non-security outcomes. We shed new light on the drivers of why firms appoint a CISO to TMT and how CISO presence in TMT impacts firm value beyond the security function. Our findings also provide managers with a nuanced understanding of how CISO backgrounds impact innovation and provide guidance for hiring CISOs who align with the firm's information management and innovation goals.
The second essay focuses on how competing incentive systems (e.g., compensation) shape digital upper echelons and non-digital upper echelons impact on the firm's disclosure of data breaches in SEC fillings and the moderating role of board members' cybersecurity intensity on upper echelon members’ disclosure. We draw on the agency theory to develop a theoretical model considering the divergent priorities and goals of the digital and non-digital upper echelons involved. We conducted a longitudinal analysis of public firms that have experienced data breaches. Results demonstrate that increased digital upper echelons' compensation will lead to timelier SEC data breach notifications, whereas increased non-digital upper echelons' compensation will have the opposite effect. Board cybersecurity intensity weakens the positive impacts of digital upper echelons' compensation but amplifies the negative impacts of non-digital upper echelons' compensation on notification timeliness. Hence, our findings counter the view that cybersecurity experience on the board speeds up reporting of data breaches by upper echelons. This study also delineates the differences on incentive systems between digital and non-digital upper echelons in SEC data breach notifications. Our results provide managerial implications on how to incentivize firms to disclose data breaches in SEC in a timely manner.
The third essay compares two different reporting structures of CDOs and CISOs: within-group reporting structure (i.e., report to IT heads) versus across-group reporting structure (i.e., report to non-IT heads). Since reporting structure needs to be aligned with firm strategic visions, we examine (1) how CDOs’ reporting structure and digital transformation jointly affect firm performance, and (2) how CISOs’ reporting structure and security awareness jointly affect firm performance. We conducted a longitudinal analysis using a unique dataset collected from multiple sources. Our results demonstrate that compared with within-group reporting structure, CDOs reporting to non-IT heads weakens the positive relationship between digital transformation and the firm’s prospective performance (i.e., market-to-book ratio of assets). However, CISOs reporting to non-IT heads weakens the negative relationship between security awareness and the firm’s retrospective performance (i.e., operational incomes). Overall, our results highlight the advantages of CDOs’ within-group reporting structure and CISOs’ across-group reporting structure. This research contributes to our understanding of how CDOs’ and CISOs’ reporting structure aligns with firm strategic visions in shaping firm performance. Our findings offer implications to business managers on designing reporting structures and governing emerging IT executives.
Overall, this three-essay dissertation enriches our understanding of the impacts of rising digital upper echelons and effective ways to govern these emerging top management roles. / Business Administration/Management Information Systems
| Identifer | oai:union.ndltd.org:TEMPLE/oai:scholarshare.temple.edu:20.500.12613/8988 |
| Date | 08 1900 |
| Creators | Gao, Yiwen |
| Contributors | Wattal, Sunil, Thatcher, Jason Bennett, D'Arcy, John P., 1975-, Moreira, Solon, Rytchkov, Oleg |
| Publisher | Temple University. Libraries |
| Source Sets | Temple University |
| Language | English |
| Detected Language | English |
| Type | Thesis/Dissertation, Text |
| Format | 190 pages |
| Rights | IN COPYRIGHT- This Rights Statement can be used for an Item that is in copyright. Using this statement implies that the organization making this Item available has determined that the Item is in copyright and either is the rights-holder, has obtained permission from the rights-holder(s) to make their Work(s) available, or makes the Item available under an exception or limitation to copyright (including Fair Use) that entitles it to make the Item available., http://rightsstatements.org/vocab/InC/1.0/ |
| Relation | http://dx.doi.org/10.34944/dspace/8952, Theses and Dissertations |
Page generated in 0.002 seconds