Although protecting information is the key challenge in a business environment characterized by increasing digitalization and connectivity, the impact of firms’ investments in information security on their financial performance is unclear. In this paper, we focus on ISO/IEC 27001 (i.e., the most renowned norm in the field and the fourth most widespread ISO standard) and analyze the relationship between the attainment of the certification and firms’ financial performance. We developed a set of theory-grounded hypotheses and tested them through a long-term event study complemented by an ordinary least squares regression on a dataset of 143 US-listed companies. The results indicate that the ISO/IEC 27001 certification is associated with improvements in profitability, labor productivity, and (partially) sales performance. The impact appears affected by the level of internationalization of the certified firm. The study contributes to the scientific debate on information security and certifications by developing the first large-scale empirical investigation based on secondary data on the financial implications of ISO/IEC 27001. Moreover, we further deepen the current knowledge on the effects of international management standards on firms’ performance thus enabling comparisons with other major management system standards.

(2022). Information security and value creation: The performance implications of ISO/IEC 27001 [journal article - articolo]. In COMPUTERS IN INDUSTRY. Retrieved from https://hdl.handle.net/10446/271815

Information security and value creation: The performance implications of ISO/IEC 27001

Podrecca, Matteo;
2022-01-01

Abstract

Although protecting information is the key challenge in a business environment characterized by increasing digitalization and connectivity, the impact of firms’ investments in information security on their financial performance is unclear. In this paper, we focus on ISO/IEC 27001 (i.e., the most renowned norm in the field and the fourth most widespread ISO standard) and analyze the relationship between the attainment of the certification and firms’ financial performance. We developed a set of theory-grounded hypotheses and tested them through a long-term event study complemented by an ordinary least squares regression on a dataset of 143 US-listed companies. The results indicate that the ISO/IEC 27001 certification is associated with improvements in profitability, labor productivity, and (partially) sales performance. The impact appears affected by the level of internationalization of the certified firm. The study contributes to the scientific debate on information security and certifications by developing the first large-scale empirical investigation based on secondary data on the financial implications of ISO/IEC 27001. Moreover, we further deepen the current knowledge on the effects of international management standards on firms’ performance thus enabling comparisons with other major management system standards.
articolo
2022
Podrecca, Matteo; Culot, Giovanna; Nassimbeni, Guido; Sartor, Marco
(2022). Information security and value creation: The performance implications of ISO/IEC 27001 [journal article - articolo]. In COMPUTERS IN INDUSTRY. Retrieved from https://hdl.handle.net/10446/271815
File allegato/i alla scheda:
File Dimensione del file Formato  
Podrecca et al., 2022 - CII.pdf

Solo gestori di archivio

Versione: publisher's version - versione editoriale
Licenza: Licenza default Aisberg
Dimensione del file 666.12 kB
Formato Adobe PDF
666.12 kB Adobe PDF   Visualizza/Apri
Pubblicazioni consigliate

Aisberg ©2008 Servizi bibliotecari, Università degli studi di Bergamo | Terms of use/Condizioni di utilizzo

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/10446/271815
Citazioni
  • Scopus 13
  • ???jsp.display-item.citation.isi??? 8
social impact