Accounting Behaviour and Organizations Section Meeting: The Effects of ISO 27001 Certificate and CSR Performance on Investors’ Responses to Cybersecurity Breaches
Individual Submission Summary

The Effects of ISO 27001 Certificate and CSR Performance on Investors’ Responses to Cybersecurity Breaches

Fri, October 8, 3:45 to 5:15pm, TBA

Abstract

We investigate the effects of an ISO 27001 certificate and CSR performance on investors’ responses to cybersecurity breaches. Based on the results of an online experiment with 202 MTurk participants, we find that an ISO 27001 certificate issued by an independent certification body serves as damage control and attenuates investors’ negative reactions when facing data breaches. However, a connection between the certification body that issues ISO 27001 certificates and the financial audit firm of the audited company may impair the effectiveness of the ISO 27001 certificate as damage control for cybersecurity breaches. Similarly, positive CSR performance provides insurance-like protection and spillover that reduce investors’ negative responses when cybersecurity breaches occur. In addition, an ISO 27001 certificate and CSR performance are substitutive mechanisms. Specifically, the existence of either an ISO 27001 certificate or positive CSR performance alone is effective enough in attenuating investors’ negative perceptions. Adding another control does not necessarily lead to additional benefits.

Authors