Information Technology, Analytics, and Operations
Mendoza College of Business, Notre Dame
Professor Corey Angst, professor at Mendoza College of Business at Notre Dame, will be presenting, as part of the Dean’s Distinguished Speaker Series. This is an invite only event. If you are interested in attending, please email Archana Jain (email@example.com).
TOPIC: Too Good to Be True: Firm Social Performance and the Risk of Data Breach
In this paper, we draw from research in the information systems (IS) security and management fields to theorize that a firm’s social performance, as measured by its engagement in socially responsible (or irresponsible) activities (i.e., corporate social performance (CSP)), affects its likelihood of being subject to computer attacks that result in data breaches. Drawing from stakeholder theory, and positioning employees and external hackers as key stakeholders of the firm with respect to information security, we propose a set of hypotheses that elaborate relationships between aspects of a firm’s CSP and the likelihood of experiencing a data breach. To test our hypotheses, we compiled a unique dataset that consists of publicly available data on firms’ data breach incidents, external assessments of their CSP, and other firm-specific factors. Our contribution is an intriguing and previously unknown account of CSP as it relates to information security. Paradoxically, our results suggest that firms that are noted to have CSP concerns are no more likely to experience a data breach, while CSP strengths beget increased stakeholder scrutiny and result in an elevated likelihood of breach. Delving into this latter finding, our results suggest that this effect is driven by firms that simultaneously have CSP strengths which are peripheral to core firm activities (e.g., philanthropy, recycling programs) along with high CSP concerns. The increased likelihood of breach for firms with seemingly disingenuous CSP records suggests that perceived ‘greenwashing’ efforts that attempt to mask poor social performance make firms attractive targets for security exploitation.
Professor Angst conducts research on the transformational effect of IT, technology usage, and IT value - particularly in the healthcare industry. In recent papers, he has investigated the diffusion of disruptive healthcare innovations and the relationship to financial value and quality of care. Angst teaches undergraduate courses in project management and problem solving and graduate courses related to the strategic use of IT. He received his Ph.D. from the Smith School of Business, University of Maryland; his M.B.A. from the Alfred Lerner College of Business & Economics, University of Delaware; and his B.S. in Mechanical Engineering from Western Michigan University. From 2005-2007, Angst was the Associate Director of the Center for Health Information and Decision Systems at the University of Maryland. Prior to pursuing his graduate education, Angst worked for 10 years in both technical and strategic roles, most recently as a consultant with the DuPont Company. Angst has conducted research and consulted in the healthcare IT domain for many large multinational companies and for the federal government.
For more information on this speaker please visit: