Chief Information Security Officers on Top Management Teams: Impact on Firms’ Innovation
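The study finds that including a chief information security officer in the top management team significantly enhances firm innovation by reducing security risks, promoting the adoption of innovation technologies, and strengthening intellectual property protection, and that the effect is stronger the more industry or executive experience the CISO has.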
The growing frequency of information security breaches and the rising importance of cybersecurity have prompted many firms to include chief information security officers (CISOs) in their top management teams (TMTs). Although CISOs are often viewed narrowly through a security-focused lens, our research shows that their inclusion in TMTs can offer a strategic advantage by significantly enhancing firm innovation. We identify three mechanisms that explain this effect: (1) reducing preventable security risks that might otherwise hinder innovation efforts; (2) enabling the adoption of innovation technologies (e.g., cloud computing, big data) that carry strategic security risks; and (3) strengthening security controls that protect intellectual property and mitigate innovation-related threats. Importantly, the CISO’s background matters. Those with specialized experience—either in the same industry or with prior executive roles—have a stronger impact on driving innovation. This research illuminates how CISOs’ presence on TMTs affects firms’ value creation from a security risk management perspective, and provides guidance for firms seeking to hire CISOs for innovation.