ABSTRACT

This research examines the joint effects of information technology (IT) strategies and security investments on organizational security breaches. We focus on two forms of IT strategies: digitalization and embeddedness in IT outsourcing networks. Our longitudinal analysis of U.S. hospitals demonstrates that IT security investments reduce security breaches in less digitalized organizations but increase security breaches for highly digitalized organizations. Investing in technical network control security systems such as anti-virus and intrusion detection systems reduces external breaches. Implementing identity and access management security systems such as biometric scanning and user authentication decreases internal breaches but increases external breaches. However, organizations’ embeddedness in IT outsourcing networks weakens the impacts of these technologies investments on external breaches but amplifies the negative relationship between identity and access management security systems and internal breaches. Our results offer an alternative understanding of organizational IT security investments and explain contrary results found in prior studies. Practical guidelines on organizational IT security strategies are discussed.

摘要

这项研究检查了信息技术（IT）策略和安全投资对组织安全漏洞的共同影响。我们专注于两种形式的IT战略：IT外包网络中的数字化和嵌入式。我们对美国医院的纵向分析表明，IT安全投资减少了数字化程度较低的组织的安全漏洞，但增加了数字化程度较高的组织的安全漏洞。投资于技术网络控制安全系统，例如防病毒和入侵检测系统，可以减少外部漏洞。实施身份和访问管理安全系统（例如生物识别扫描和用户身份验证）可以减少内部漏洞，但可以增加外部漏洞。然而，组织在IT外包网络中的嵌入性削弱了这些技术投资对外部漏洞的影响，但加剧了身份和访问管理安全系统与内部漏洞之间的负面关系。我们的结果提供了对组织IT安全投资的另一种理解，并解释了先前研究中发现的相反结果。讨论了有关组织IT安全策略的实用指南。