(2022). Information security and value creation: The performance implications of ISO/IEC 27001 [journal article]. In COMPUTERS IN INDUSTRY. Retrieved from https://hdl.handle.net/10446/271815
Information security and value creation: The performance implications of ISO/IEC 27001
Podrecca, Matteo;
2022-01-01
Abstract
Although protecting information is the key challenge in a business environment characterized by increasing digitalization and connectivity, the impact of firms’ investments in information security on their financial performance is unclear. In this paper, we focus on ISO/IEC 27001 (i.e., the most renowned norm in the field and the fourth most widespread ISO standard) and analyze the relationship between the attainment of the certification and firms’ financial performance. We developed a set of theory-grounded hypotheses and tested them through a long-term event study complemented by an ordinary least squares regression on a dataset of 143 US-listed companies. The results indicate that the ISO/IEC 27001 certification is associated with improvements in profitability, labor productivity, and (partially) sales performance. The impact appears affected by the level of internationalization of the certified firm. The study contributes to the scientific debate on information security and certifications by developing the first large-scale empirical investigation based on secondary data on the financial implications of ISO/IEC 27001. Moreover, we further deepen the current knowledge on the effects of international management standards on firms’ performance thus enabling comparisons with other major management system standards.