IS - Seminar - Biding Their Time: The Influences of Executive Compensation & Board Cybersecurity Intensity on SEC Data Breach Notification Delays
Supporting the below United Nations Sustainable Development Goals:支持以下聯合國可持續發展目標:支持以下联合国可持续发展目标:
The U.S. Securities and Exchange Commission (SEC) requires firms to notify investors in an SEC filing of a data breach if it constitutes a material event. Importantly, the determination of materiality lies with executives, which has resulted in firms failing to disclose breaches to the SEC or purposely delaying notifications. We draw from the behavioral theory of the firm and executive compensation literature to develop predictions about the influence of IT and non-IT executives’ compensation on firms’ SEC data breach notification delays. Given the possibility of competing priorities and goals of the two executive groups, we argue that increased IT executive compensation leads to fewer delays, whereas increased non-IT executive compensation has the opposite effect. Because corporate boards of directors have oversight and advise on firms’ cybersecurity matters, we argue that the cybersecurity intensity of the firm’s board (i.e., social ties to breached firms) moderates the relationships between IT and non-IT executive compensation and notification delays. To test our hypotheses, we constructed a panel dataset from public sources and performed a series of econometric analyses. Our results suggest that the influence of executive compensation on notification delays differs for IT and non-IT executives in the manner hypothesized. However, for both types of executives, the moderating influence of the board’s cybersecurity intensity works to increase notification delays. Counter to the conventional view that increased cybersecurity experience on the board benefits timely data breach notification, our findings suggest that greater board experience results in delays of timely communications about data breaches via 8-K filings.
Prof. Jason Bennett Thatcher holds the Milton F. Stauffer Professorship in the Department of Management Information Systems at the Fox School of Business of Temple University. He has also held visiting faculty appointments at the Technical University of Munich, Hong Kong Polytechnic University and the Information Technology University-Copenhagen. Jason studies individual decision-making, strategic alignment and workforce issues as they relate to the effective application of information technologies in organizations. His more recent projects direct attention to cyber security and social media. Jason’s publishes in journals such as MIS Quarterly, Information Systems Research, Journal of Applied Psychology, Harvard Business Review, and other outlets. Jason’s work appears about once a year in Financial Times 50 listed journals. AISResearchRankings.Org ranked him the most productive author on the AIS senior scholars list in 2014 and 2020. Jason’s work has earned 11,000+ citations. Jason serves as Senior Editor at Information Systems Research and Journal of the Association for Information Systems. He has served as Senior Editor at the MIS Quarterly, Decision Sciences, and Associate Editor at Information Systems Research.
Prof. Thatcher’s greatest pleasure is working with students. He teaches courses in Management Information Systems and Strategic Management. He won the College of Business and Behavioral Science 2008 Undergraduate Teaching Excellence Award at Clemson University. Jason was named to the Circle of Compadres by the KPMG foundation for contributions to mentoring minority Ph.D. students.