Impact of Data Breach on IT Investment: Embracing Both Failure Learning and Threat Rigidity
Journal
Production and Operations Management
ISSN
1059-1478
1937-5956
Date Issued
2024-10-21
Author(s)
DOI
10.1177/10591478241277455
Abstract
The extant literature has provided valuable insights into the post-failure behavior of organizations, highlighting two distinct tendencies: failure learning and threat rigidity. While failure learning involves organizations embracing change and seeking improvements after experiencing failures, threat rigidity leads to a more conservative and resistant approach to change during such times. In our study, we used a pioneering approach by integrating these seemingly competing perspectives within the context of data breaches. Employing a propensity score matching (PSM)-combined-difference-in-differences (DiD) approach, we uncovered a dual impact of data breaches on firms’ information technology (IT) investment—after data breaches, firms tend to increase their IT investment intensity (a promoting effect) while simultaneously reducing their new IT investments (an inhibiting effect). Furthermore, we found that a firm with a strong quality culture exhibits a stronger tendency to increase its IT investment intensity following a data breach, while a firm highly valuing innovation demonstrates a weaker trend in reducing new IT investments after a breach. In post hoc analyses, we found that the impact of data breaches on IT investments is contingent on a series of factors related to the nature of the breach and the specific type of IT investments considered. Overall, our study provides valuable insights into the complex and diverse relationship between data breaches and IT investments in firms.
Subjects
Data Breach
Failure Learning Theory
Information Technology Investment
IT Innovation
Threat Rigidity Theory
SDGs
Publisher
SAGE Publications
Type
journal article