Decoding Digital Risk from Corporate Disclosure: A Neural Network Approach

2023 | Americas Conference on Information Systems | Citations: 0

Authors: Long, Yuan; Rai, Arun

Abstract: Digital risk-or the likelihood of losses from organizational context, digital i ... Expand

Abstract: Digital risk-or the likelihood of losses from organizational context, digital infrastructure, IS sourcing, data management and IS applications, is a key consideration in the valuation of firms. We apply a neural network approach to construct and measure digital risks by extracting linguistic relations from the 10-K disclosure (Section "Item 1A"). We develop novel firm-level digital risk measures based on these linguistic relations from three perspectives: (i) presence (whether the digital risk is mentioned or not), (ii) intensity (text coverage of digital risk relative to other issues), and (iii) diversity (the different types of digital risk that are mentioned). We validate our measures for digital risk by demonstrating that they correlate significantly with firm risk, as proxied by the volatility of the stock market. Overall, our findings suggest that the utility of leveraging this type of text-based measure for digital risk is practically feasible, scalable, and economically meaningful. Collapse

Topics: IT risk management Python database system accounting IT security

Methods: artificial neural network BERT regression analysis method descriptive statistic SEC EDGAR

PUBLIC MANAGEMENT CHALLENGES IN THE DIGITAL RISK SOCIETY: A Critical Analysis of the Public Debate on Implementation of the Danish NemID

2023 | European Journal of Information Systems | Citations: 0

Authors: Ngwenyama, Ojelanki; Henriksen, Helle Zinner; Hardt, Daniel

Abstract: The rise of the digital society is accompanied by incalculable social risks, but ... Expand

Abstract: The rise of the digital society is accompanied by incalculable social risks, but very little IS research has examined the implications of the new digital society. Drawing on concepts from Beck’s critical theory of the risk society and critical discourse analysis, this study examines the public discourse on risk events during the launch of NemID, a personal digital identifier for Danish citizens. This research illustrates our difficulties and challenges in managing some of the fundamental social risks from societal digitalisation. Limited institutional capabilities for digital technologies force public officials to depend on private companies motived by profit instead of the public interest. Beliefs in digital technology as the primary determinant of social and economic progress also present many public management dilemmas. When digital risk events occur and citizens’ fears are stoked by news media and public discourse, public officials seem to have no other strategy for managing the escalating fears than systematically distorted communication. The continued rise of the digital risk society demands that IS research respond to the challenge of generating knowledge for its public management. Collapse

Topics: IT risk management data breach identity theft denial of service attack internet technology

Methods: theory development case study qualitative content analysis cluster analysis design artifact

Theories: theory of information warfare theory of communicative action

TOWARDS A MODEL OF TECHNOLOGY USAGE AND DIGITAL MATURITY IN CHILDREN: A GROUNDED-THEORY APPROACH

2022 | European Conference On Information Systems | Citations: 0

Authors: Arenas, Alvaro; Yazdi, Pouye

Abstract: Increased use of digital technologies by children has raised some concerns abou ... Expand

Abstract: Increased use of digital technologies by children has raised some concerns about how digital technologies may be influencing multiple aspects of children' lives. The purpose of this study is to investigate on how children use digital technologies, aiming at identifying factors that indicate how mature children are in the use of digital technologies. We conducted a qualitative study by collecting data from five children focus groups in Spain, with a total of 20 participants. We generated 10 factors that indicate digital maturity, namely digital literacy and technology awareness, perceived benefits and risks, types and patters of technology usage, managing tensions, adult interaction and mediation, regulation of emotional responses, needs satisfaction, and digital civic behaviour. The article also develops a high-level model showing interrelations between socio-technical environment, technology usage and experiences, and reactions to technology usage. Collapse

Topics: information system use IS maturity mobile phone social network Instagram

Methods: qualitative interview focus group qualitative coding grounded theory survey

When and why technology leadership enters the C-suite: An antecedents perspective on CIO presence

2022 | Journal of Strategic Information Systems | Citations: 0

Authors: Bendig, David; Wagner, Robin; Jung, Christopher; Nüesch, Stephan

Abstract: Building on the concept of dynamic managerial capabilities, we set out to advanc ... Expand

Abstract: Building on the concept of dynamic managerial capabilities, we set out to advance scholarly understanding of the antecedents of the presence of technology leadership in the form of the chief information officer (CIO) in the top management team. We derive a holistic framework from the literature of dynamic capabilities and introduce into that literature the concept of adaptation pressures. We suggest that external and internal dimensions that pertain to information tech­ nology, comprising an environmental, structural, and strategic dimension, intensify the pressure on a firm to adapt. The pressure to adapt increases the likelihood that the firm will add a CIO to its top management team. In turn, the presence of a CIO can direct a firm toward exploration as a way to relieve the adaptation pressure. Results from regression analyses of a longitudinal data set covering 503 large U.S. firms from 2006 to 2017 confirm our hypotheses. This study contributes to the literature of both information systems and strategy by clarifying the antecedents of tech­ nology leadership in the C-suite and explicating how environmental, structural, and strategic factors can act as such antecedents. Moreover, this study reinforces the notion that IT leadership can induce strategic change. Collapse

Topics: Chief Information Officer IT leadership research and development information system use digital transformation

Methods: theory development longitudinal research regression analysis method descriptive statistic statistical hypothesis test

Theories: dynamic capabilities theory organizational behavior theory

More Security, less Harm? Exploring the Link between Security Measures and Direct Costs of Cyber Incidents within Firms using PLS-PM

2022 | International Conference on Business Informatics | Citations: 0

Authors: Dreissigacker, Arne; Teuteberg, Frank

Abstract: As one of the first articles to empirically explore the direct costs of cyber in ... Expand

Abstract: As one of the first articles to empirically explore the direct costs of cyber incidents, our research provides novel and significant insights into the structural links between cyber incidents, exposure, and security within firms, as well as the related technical consequences. We employ an explorative approach, which is based on the causal information/cyber risk models proposed by Cohen et al. and Woods & Böhme, as well as PLS-modeling to analyze data from 493 firms that have incurred direct costs from their most severe cyber incident in the last 12 months. These data are part of a larger dataset, based on a representative and stratified random sample of 5,000 organizations that participated in a survey in 2018/19. Based on our model, we discuss the results and derive implications that are highly relevant to the alignment of IT (security) strategy and management. Furthermore, we identify gaps to be assessed in future research. Collapse

Topics: IT security defense ransomware database system IT security threat pandemic

Methods: partial least squares path modeling qualitative interview survey partial least squares regression statistical power analysis

Knowledge Systems and Risk Management: Threat Lessons Learned from COVID-19 in 2020-21

2022 | HICSS | Citations: 0

Authors: Jennex, Murray; Durcikova, Alexandra; Ilvonen, Ilona

Abstract: The year 2020-21 has shown us that the likelihood of extreme events is greater t ... Expand

Abstract: The year 2020-21 has shown us that the likelihood of extreme events is greater than we would have expected. When organizational resources are stretched to their limits due to extreme events, they are also more vulnerable to cyber-attacks and knowledge risks. Based on the events that took place during the 2020-21 period, we identify five knowledge risks and categorize them as technical, behavioral, and legal risks. We identify possible controls to mitigate these knowledge risks: proper knowledge identification, guidelines for employee knowledge behavior, identification and evaluation of online communication channels, and risk re-assessment to knowledge. Collapse

Topics: pandemic natural hazard IT risk management ransomware IT security threat

Methods: survey

Improving Phishing Reporting Using Security Gamification

2022 | Journal of Management Information Systems | Citations: 2

Authors: Jensen, Matthew L.; Wright, Ryan T.; Durcikova, Alexandra; Karumbaiah, Shamya

Abstract: Phishing is an increasing threat that causes billions in losses and damage to pr ... Expand

Abstract: Phishing is an increasing threat that causes billions in losses and damage to productivity, trade secrets, and reputations each year. This work explores how security gamification techniques can improve phishing reporting. We contextualized the cognitive evaluation theory (CET) as a kernel theory and constructed a prototype phishing reporting system. With three experiments in a simulated work setting, we tested gamification elements of validation, attribution, incentives, and public presentation for improvements in experiential (e.g., motivation) and instrumental outcomes (e.g., hits and false positives) in phishing reporting. Our findings suggest public attribution with rewards and punishments best balance the competing necessities of accuracy with widespread reporting. Furthermore, our results demonstrate the unique benefits of security gamification to phishing reporting over and above other phishing mitigation techniques (e.g., training and warnings). However, we also noted that unintended consequences in false alarms might arise from shifts in motivation resulting from public display of incentives. These findings suggest that carefully calibrated external incentives (rather than intrinsic rewards) are most likely to improve the ancillary task of phishing reporting. Collapse

Topics: phishing gamification productivity self efficacy electronic mail

Methods: experiment factorial experiment multivariate analysis of covariance survey design artifact

Theories: cognitive evaluation theory

Does IT Matter to Acquisitions? The Impacts of IT Distance on Post-Acquisition Performance

2022 | Management Information Systems Quarterly | Citations: 0

Authors: Lee, Kyunghee; Han, Kunsoo; Animesh, Animesh; Pinsonneault, Alain

Abstract: Although researchers have examined the role of dyadic dynamics (i.e., interactio ... Expand

Abstract: Although researchers have examined the role of dyadic dynamics (i.e., interactions between the acquirer and the target firm) in the success of acquisitions, little attention has been devoted to the role of information technology (IT). In this study, we extend this literature by examining how pre-acquisition IT distance (i.e., the difference between the enterprise IT systems of the two firms that reflects the system incompatibility and resulting costs of system integration) affects the acquirer’s post-acquisition performance. To measure IT distance, we used a word-embedding technique to map each firm’s IT systems portfolio to a low-dimensional embedding space and calculate the distance between the firms in that space. Using data on U.S. firms’ acquisition activities over seven years, we found that IT distance is negatively associated with the acquirer’s post-acquisition performance. Also, the adverse effect of IT distance is stronger for acquisitions motivated by operational synergies, compared to those seeking non-operational synergies. This finding supports our fundamental premise that IT distance disrupts post-acquisition synergy creation, and more so when the combined firm has a greater need for tight integration to create acquisition synergies. This research contributes to the merger and acquisition (M&A) literature in management and IS by introducing a novel concept of IT distance and by theorizing and empirically examining its performance implications in acquisitions. The findings of this study can inform practitioners on how to devise IT strategies in corporate acquisitions to mitigate IT risks and achieve greater post-acquisition performance. Collapse

Topics: system integration Oracle database enterprise information system value creation IT decentralization

Methods: survey word2vec descriptive statistic word embedding theory development

Understanding dark side of artificial intelligence (AI) integrated business analytics: assessing firm’s operational inefficiency and competitiveness

2022 | European Journal of Information Systems | Citations: 0

Authors: Rana, Nripendra P.; Chatterjee, Sheshadri; Dwivedi, Yogesh K.; Akter, Shahriar

Abstract: The data-centric revolution generally celebrates the proliferation of business a ... Expand

Abstract: The data-centric revolution generally celebrates the proliferation of business analytics and AI in exploiting firm’s potential and success. However, there is a lack of research on how the unintended consequences of AI integrated business analytics (AI-BA) influence a firm’s overall competitive advantage. In this backdrop, this study aims to identify how factors, such as AI-BA opacity, suboptimal business decisions and perceived risk are responsible for a firm’s operational inefficiency and competitive disadvantage. Drawing on the resource-based view, dynamic capability view, and contingency theory, the proposed research model captures the components and effects of an AI-BA opacity on a firm’s risk environment and negative performance. The data were gathered from 355 operational, mid-level and senior managers from various service sectors across all different size organisations in India. The results indicated that lack of governance, poor data quality, and inefficient training of key employees led to an AI-BA opacity. It then triggers suboptimal business decisions and higher perceived risk resulting in operational inefficiency. The findings show that operational inefficiency significantly contributes to negative sales growth and employees’ dissatisfaction, which result in a competitive disadvantage for a firm. The findings also highlight the significant moderating effect of contingency plan in the nomological chain. Collapse

Topics: artificial intelligence data quality analytical information system competitive advantage explainable artificial intelligence

Methods: partial least squares path modeling survey partial least squares regression conceptual modelling theoretical contribution

Theories: contingency theory dynamic capabilities theory resource based view of the firm

A meta-analysis of the factors influencing the impact of security breach announcements on stock returns of firms

2022 | Electronic Markets | Citations: 0

Authors: Ebrahimi, Sepideh; Eshghi, Kamran

Abstract: Concurrent with the increase in organizations’ reliance on IT systems for conduc ... Expand

Abstract: Concurrent with the increase in organizations’ reliance on IT systems for conducting business with their consumers and partners, there have been increases in the risk and instances of security breaches of IT systems. As a result, a large body of research has been conducted to study the financial consequences of such security breaches in general and stock market reactions using the event study methodology in particular. Notwithstanding the significant contributions of the extant studies on the topic, inconsistencies could be observed about the existence and magnitude of shareholders’ reactions to announcements of security breaches by firms. As such, this paper addresses this gap through a meta-analysis of 63 studies (with a total of 20,936 instances of security breach announcements). The results suggest that a significant relationship exists between announcements of security breach and a drop in the experiencing firms’ stock returns. In addition, this relationship is impacted by the type of security breach, time of the security breach event, the country in which the experiencing firms operate, and the size of those firms. Collapse

Topics: IT security threat IT security IS failure IT risk management database system

Methods: meta analysis event study longitudinal research regression analysis method correlation analysis