The Roles of IT Strategies and Security Investments in Reducing Organizational Security Breaches
研究美国医院数据发现,IT安全投资在数字化程度低的组织中减少安全漏洞,但在高度数字化组织中反而增加漏洞;技术控制网络系统减少外部漏洞,身份与访问管理系统减少内部漏洞但增加外部漏洞,而外包网络嵌入会调节这些影响。
This research examines the joint effects of information technology (IT) strategies and security investments on organizational security breaches. We focus on two forms of IT strategies: digitalization and embeddedness in IT outsourcing networks. Our longitudinal analysis of U.S. hospitals demonstrates that IT security investments reduce security breaches in less digitalized organizations but increase security breaches for highly digitalized organizations. Investing in technical network control security systems such as anti-virus and intrusion detection systems reduces external breaches. Implementing identity and access management security systems such as biometric scanning and user authentication decreases internal breaches but increases external breaches. However, organizations’ embeddedness in IT outsourcing networks weakens the impacts of these technologies investments on external breaches but amplifies the negative relationship between identity and access management security systems and internal breaches. Our results offer an alternative understanding of organizational IT security investments and explain contrary results found in prior studies. Practical guidelines on organizational IT security strategies are discussed.