Understanding the financial value resulting from IS security investments is critically important to organizations focused on protecting service confidentiality, integrity, and availability in order to preserve firm revenues and reputations. Quantifying the financial effect from IS security investments is difficult to derive. This study investigated the relationship between e-banking investments in IS security and their market value impacts.
Using an event study approach, the author captured e-banking firm specific data and isolated the IS security effect through the measured change in market values. The author hypothesized that announcements of IS security investments would result in statistically significant changes in market values. The author also hypothesized two sub-segments of the selected security investment data, technology and people, would support statistically significant changes in the market values of e-banking service providers. The hypotheses were tested by measuring stock market reactions to the IS security announcements selected from an eight-year period (2003-2010).
Study findings indicated statistically significant market reactions for e-banking firms making IS security investment announcements and suggested that investors rewarded IS security technology investments more highly than e-banking firms making IS security people-focused investment announcements. The author concluded that because investors understand that mandatory regulatory compliance represents an e-banking firm's commitment to creating a secure computing environment, e-banking information systems are perceived as secure therefore, disclosing IS security investments results in weak changes to market values. Ultimately effective management of IS security requires acceptance of the idea that it is not technically feasible or financially viable to implement protections for all identified IS security risks therefore IS security investments must be effectively measured and risk levels consciously selected in order to implement the right technical and operational protections to support a firm's selected risk posture. The study contributes to the event study literature as well as the literature examining the economic effects of information systems security.
| Identifer | oai:union.ndltd.org:nova.edu/oai:nsuworks.nova.edu:gscis_etd-1101 |
| Date | 01 January 2012 |
| Creators | Brock, Linda |
| Publisher | NSUWorks |
| Source Sets | Nova Southeastern University |
| Detected Language | English |
| Type | text |
| Format | application/pdf |
| Source | CEC Theses and Dissertations |
Page generated in 0.0022 seconds