Advanced search
Publication Cover
Journal of Management Information Systems Volume 37, 2020 - Issue 3
Journal homepage
1,168
Views
5
CrossRef citations to date
0
Altmetric
Research Article

Understanding Security Vulnerability Awareness, Firm Incentives, and ICT Development in Pan-Asia

Yunhui Zhuanga Department of Information Systems, College of Business, City University of Hong Kong, Kowloon, Hong KongORCID Iconhttps://orcid.org/0000-0003-4950-8481View further author information
ORCID Icon,
Yunsik Choib AITRICS, Seoul, Republic of KoreaView further author information
,
Shu Hec School of Business, University of Connecticut, Connecticut, USAORCID Iconhttps://orcid.org/0000-0001-5899-5299View further author information
ORCID Icon,
Alvin Chung Man Leunga Department of Information Systems, College of Business, City University of Hong Kong, Kowloon, Hong KongORCID Iconhttps://orcid.org/0000-0001-8961-8357View further author information
ORCID Icon,
Gene Moo Leed Sauder School of Business, University of British Columbia, Vancouver, British Columbia, CanadaCorrespondence[email protected]
ORCID Iconhttps://orcid.org/0000-0003-0657-6898View further author information
ORCID Icon &
Andrew Whinstone McCombs School of Business, University of Texas at Austin, Austin, Texas, USAORCID Iconhttps://orcid.org/0000-0002-7371-8991View further author information
ORCID Icon
Pages 668-693 | Published online: 18 Nov 2020

References

  • Abadie, A. Semiparametric difference-in-differences estimators. The Review of Economic Studies 72, 1 (2005), 1–19.
  • Adelsman, R.M.; and Whinston, A.B. Sophisticated voting with information for two voting functions. Journal of Economic Theory 15, 1 (1977), 145–159.
  • Akerlof, G.A. The market for “lemons”: Quality uncertainty and the market mechanism. The Quarterly Journal of Economics 84, 3 (1970), 488–500.
  • Angrist, J.D.; and Pischke, J.S. Mostly Harmless Econometrics: An Empiricist’s Companion. Princeton, NJ: Princeton University Press, 2008.
  • August, T.; August, R.; and Shin, H. Designing user incentives for cybersecurity. Communications of the ACM 57, 11 (2014), 43–46.
  • Autor, D.H. Outsourcing at will: The contribution of unjust dismissal doctrine to the growth of employment outsourcing. Journal of Labor Economics 21, 1 (2003), 1–42.
  • Ba, S.; Whinston, A.B.; and Zhang, H. The dynamics of the electronic market: An evolutionary game approach. Information Systems Frontiers 2, 1 (2000), 31–40.
  • Baker, J. The technology–organization–environment framework. In, Dwivedi, Y.K., Wade, M.R., and Schneberger, S.L., (eds.), Information Systems Theory: Explaining and Predicting Our Digital Society, Vol. 1, New York, NY: Springer New York, 2012, pp. 231–245.
  • Bauer, J.M.; and van Eeten, M.J.G. Cybersecurity: Stakeholder incentives, externalities, and policy options. Telecommunications Policy 33, 10 (2009), 706–719.
  • Bergeron, F.; Rivard, S.; and de Serre, L. Investigating the support role of the information center. MIS Quarterly 14, 3 (1990), 247–260.
  • Bhatt, G.D.; and Grover, V. Types of information technology capabilities and their role in competitive advantage: An empirical study. Journal of Management Information Systems 22, 2 (2005), 253–277.
  • Bose, I.; and Leung, A.C.M. Unveiling the mask of phishing: Threats, preventive measures, and responsibilities. Communications of the Association for Information Systems 19 (2007), 24.
  • Bose, I.; and Leung, A.C.M. Do phishing alerts impact global corporations? A firm value analysis. Decision Support Systems 64 (2014), 67–78.
  • Bose, I.; and Leung, A.C.M. Adoption of identity theft countermeasures and its short- and long-term impact on firm value. MIS Quarterly 43, 1 (2019), 313–327.
  • Brown, S.; and Hillegeist, S.A. How disclosure quality affects the level of information asymmetry. Review of Accounting Studies 12, 2 (2007), 443–477.
  • Chatterjee, S.; Sarker, S.; and Valacich, J.S. The behavioral roots of information systems security: Exploring key factors related to unethical IT use. Journal of Management Information Systems 31, 4 (2015), 49–87.
  • Chen, Y.; and Zahedi, F. Individuals’ internet security perceptions and behaviors: Polycontextual contrasts between the United States and China. MIS Quarterly 40, 1 (2016), 205.
  • D’Arcy, J.; Hovav, A.; and Galletta, D. User awareness of security countermeasures and its impact on information systems misuse: A deterrence approach. Information Systems Research 20, 1 (2009), 79–98.
  • Eeten, M.; and Bauer, J. Economics of malware: Security decisions, incentives and externalities. OECD Science, Technology and Industry Working Papers, Directorate for Science, Technology and Industry, OECD, Paris, France, 2008.
  • Efron, B. An Introduction to the Bootstrap. New York: Chapman & Hall, 1993.
  • Gal-Or, E.; and Ghose, A. The economic incentives for sharing security information. Information Systems Research 16, 2 (2005), 186–208.
  • Gordon, L.A.; Loeb, M.P.; and Lucyshyn, W. Information security expenditures and real options: A wait-and-see approach. Computer Security Journal 19, 2 (2003), 1–7.
  • Gordon, L.A.; Loeb, M.P.; and Sohail, T. Market value of voluntary disclosures concerning information security. MIS Quarterly 34, 3 (2010), 567–594.
  • He, S.; Lee, G.M.; Han, S.; and Whinston, A.B. How would information disclosure influence organizations’ outbound spam volume? Evidence from a field experiment. Journal of Cybersecurity 2, 1 (2016), 99–118.
  • Heckman, J.J.; and Smith, J.A. Assessing the case for social experiments. The Journal of Economic Perspectives 9, 2 (1995), 85–110.
  • Hui, K.-L.; Kim, S.; and Wang, Q.-H. Cybercrime deterrence and international legislation: Evidence from distributed denial of service attacks. MIS Quarterly 41, 2 (2017), 497.
  • Jolliffe, I.T. Principal Component Analysis. New York: Springer-Verlag, 2002.
  • Kim, S.; Wang, Q.-H.; and Ullrich, J. A comparative study of cyberattacks. Communications of the ACM 55, 3 (2012), 66–73.
  • Kim, S.H.; and Kim, B.C. Differential effects of prior experience on the malware resolution process. MIS Quarterly 38, 3 (2014), 655–678.
  • Kuan, K.K.Y.; and Chau, P.Y.K. A perception-based model for EDI adoption in small businesses using a technology–organization–environment framework. Information & Management 38, 8 (2001), 507–521.
  • Kunreuther, H.; and Heal, G. Interdependent security. Journal of Risk and Uncertainty 26, 2 (2003), 231–249.
  • Kwon, J.; and Johnson, E.M. Meaningful healthcare security: Does meaningful-use attestation improve information security performance? MIS Quarterly 42, 4 (2018), 1043–1067.
  • Lee, J.K. Research framework for AIS grand vision of the Bright ICT initiative. MIS Quarterly 39, 2 (2015), iii–xii.
  • Lee, J.K.; Cho, D.; and Lim, G.G. Design and validation of the Bright Internet. Journal of the Association for Information Systems 19, 2 (2018), 63–85.
  • Menard, P.; Bott, G.J.; and Crossler, R.E. User motivations in protecting information security: Protection motivation theory versus self-determination theory. Journal of Management Information Systems 34, 4 (2017), 1203–1230.
  • Mitra, S.; and Ransbotham, S. Information disclosure and the diffusion of information security attacks. Information Systems Research 26, 3 (2015), 565–584.
  • Moore, T. The economics of cybersecurity: Principles and policy options. International Journal of Critical Infrastructure Protection 3, 3 (2010), 103–117.
  • Moore, T.; and Clayton, R. The impact of public information on phishing attack and defense. Communications & Strategies 1, 81 (2011), 45–68.
  • Moore, T.; Clayton, R.; and Anderson, R. The economics of online crime. Journal of Economic Perspectives 23, 3 (2009), 3–20.
  • Morgan, K.L.; and Rubin, D.B. Rerandomization to improve covariate balance in experiments. The Annals of Statistics 40, 2 (2012), 1263–1282.
  • Öğüt, H.; Raghunathan, S.; and Menon, N. Cyber security risk management: Public policy implications of correlated risk, imperfect ability to prove loss, and observability of self-protection. Risk Analysis 31, 3 (2011), 497–512.
  • Png, I.P.L.; Wang, C.-Y.; and Wang, Q.-H. The deterrent and displacement effects of information security enforcement: International evidence. Journal of Management Information Systems 25, 2 (2008), 125–144.
  • Quarterman, J.S.; Linden, L.L.; Tang, Q.; Lee, G.M.; and Whinston, A.B. Spam and botnet reputation randomized control trials and policy. The 41st Research Conference on Communication, Information and Internet Policy, George Mason University, Arlington, VA, 2013.
  • Rubin, D.B. Basic concepts of statistical inference for causal effects in experiments and observational studies. Cambridge, MA: Harvard University, 2004, pp. 1–140.
  • Sanchez, F.; Duan, Z.; and Dong, Y. Blocking spam by separating end-user machines from legitimate mail server machines. Security and Communication Networks 9, 4 (2016), 316–326.
  • Santanam, R.; Sethumadhavan, M.; and Virendra, M. Cyber Security, Cyber Crime and Cyber Forensics: Applications and Perspectives. Hershey, United States: IGI Global, 2010.
  • Sen, R.; and Borle, S. Estimating the contextual risk of data breach: An empirical approach. Journal of Management Information Systems 32, 2 (2015), 314–341.
  • Shetty, N.; Schwartz, G.; and Walrand, J. Can competitive insurers improve network security? In, Acquisti, A., Smith, S.W., and Sadeghi, A.-R., (eds.), Trust and Trustworthy Computing, Berlin, Heidelberg: Springer Berlin Heidelberg, 2010, pp. 308–322.
  • Sommer, A.; and Zeger, S.L. On estimating efficacy from clinical trials. Statistics in Medicine 10, 1 (1991), 45–52.
  • Symantec. Internet security threat report 2016. Mountain View, CA, 2016.
  • Symantec. Internet security threat report 2017. Mountain View, CA, 2017.
  • Tan, C.L.; Chiew, K.L.; Wong, K.; and Sze, S.N. Phishwho: Phishing webpage detection via identity keywords extraction and target domain name finder. Decision Support Systems 88 (2016), 18–27.
  • Tang, Q.; and Whinston, A.B. Do reputational sanctions deter negligence in information security management? A field quasi-experiment. Production and Operations Management 29, 2 (2020), 410–427.
  • van Wanrooij, W.; and Pras, A. Filtering spam from bad neighborhoods. International Journal of Network Management 20, 6 (2010), 433–444.
  • Wang, J.; Xiao, N.; and Rao, H.R. Research note—an exploration of risk characteristics of information security threats and related public information search behavior. Information Systems Research 26, 3 (2015), 619–633.
  • Weill, P. The relationship between investment in information technology and firm performance: A study of the valve manufacturing sector. Information Systems Research 3, 4 (1992), 307–333.
  • Wright, R.T.; Jensen, M.L.; Thatcher, J.B.; Dinger, M.; and Marett, K. Influence techniques in phishing attacks: An examination of vulnerability and resistance. Information Systems Research 25, 2 (2014), 385–400.
  • Zeng, V.; Baki, S.; Aassal, A.E.; Verma, R.; Moraes, L.F.T.D.; and Das, A. Diverse datasets and a customizable benchmarking framework for phishing. In Proceedings of the Sixth International Workshop on Security and Privacy Analytics, New York: ACM Press, 2020.
  • Zhou, W.; and Piramuthu, S. IoT security perspective of a flexible healthcare supply chain. Information Technology and Management 19, 3 (2018), 141–153.
  • Zhu, K.; and Kraemer, K.L. Post-adoption variations in usage and value of e-business by organizations: Cross-country evidence from the retail industry. Information Systems Research 16, 1 (2005), 61–84.
  • Zhu, K.; Kraemer, K.; and Xu, S. Electronic business adoption by European firms: A cross-country assessment of the facilitators and inhibitors. European Journal of Information Systems 12, 4 (2003), 251–268.
  • Zhu, K.; Kraemer, K.L.; and Dedrick, J. Information technology payoff in e-business environments: An international perspective on value creation of e-business in the financial services industry. Journal of Management Information Systems 21, 1 (2004), 17–54.

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Order Reprints Request Corporate Permissions

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

Request Academic Permissions

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.