Protecting data intangibly: How does control culture influence data breach risks?
研究了企业控制文化(一种无形控制措施)对三种数据泄露风险(意外内部、恶意外部、恶意内部)的影响,发现强控制文化能降低前两种风险,但对恶意内部泄露无效。
Abstract As data have become the most valuable asset for many firms, the increasing frequency, scope, and cost of data breaches have had a significant impact on organizations. Traditionally, managers have focused primarily on tangible control measures to ensure information security and minimize data breach risks. However, a deeper understanding of intangible control measures remains limited. This study explores the impact of control culture—an intangible control measure—on different types of data breach risks within a firm: accidental internal, malicious external, and malicious internal breaches. Drawing on human factor theory and routine activity theory, we develop several hypotheses regarding the effect of control culture on these varying types of data breach risks. We collect data from multiple sources and construct a panel data set to empirically test these hypotheses. Our findings reveal that a stronger control culture significantly reduces the risk of accidental internal and malicious external data breaches. However, it does not reduce the risk of internal breaches with malicious intent. This research breaks new ground in addressing data breach risks from the perspective of control culture, providing valuable insights for both academics and practitioners.