INFORMATION SECURITY RISK AND BOUNDARY CHANGING BEHAVIOR

The escalating information security threats and their impacts have made firms pay careful attention to potential risks they face and the actions they can take to mitigate such risks. We explore if and how the information security risk perceptions of firms shape their boundary-changing behaviors. We argue that organizations have risk transfer, risk avoidance, risk reduction, risk acceptance options, and combine these options in their attempts to reduce the perceived effects of information security risks. Organizations through risk transfer could transfer some effects of information security risks to third parties, while boundary changing behaviors could alter the potential vulnerabilities of a firm, and hence decisions to alter firm boundaries are likely to be shaped by risk perceptions. By fine-tuning 11 state-of-the-art NLP models with causal extraction, we find that organizations’ information security risk perception is positively associated with their information security risk transfer behavior, and less-risky boundary changing actions

IS Architecture Complexity Dynamics in M&A: Does Consolidation Reduce Complexity?

In this paper we aim to improve our understanding of the dynamics of IS architecture complexity (i.e, the change in this complexity over time) during the execution of a consolidation IS integration strategy (IIS). Based on two case studies, we find that unexpected levels of complexity emerge during IIS execution because of an underestimation of requisite complexity and an overestimation of the potential to reduce complexity. Our analysis shows that increased complexity is due to the fact that the intended consolidation IIS is only partially executed, and to increasingly emergent IIS execution. Additionally, we find that while complexity was reduced at the portfolio level, at more detailed levels of observation complexity was actually increased. Our paper contributes to knowledge in the field by providing a deeper insight into IS architecture complexity dynamics during the execution of a consolidation IIS, and the concept of IS architecture complexity in general

From Convergence to Compromise: Understanding the Interplay of Digital Transformation and Mergers on Data Breach Risks in Local and Cross-Border Mergers

In today\u27s digital age, the potential risks and challenges associated with digital transformation (DT) and cybersecurity have received limited research attention. This dissertation consists of three interconnected studies that aim to address this gap. The first study employs paradox theory to demonstrate that DT initiatives can increase a firm\u27s susceptibility to data breaches. Using a unique dataset spanning 10 years and involving 3604 brands, our analysis reveals that DT efforts in mobile and digital marketing are associated with a higher incidence of data breaches. However, firms can mitigate this impact by enhancing their innovative capacities. These findings contribute to a better understanding of the complex relationship between DT, data breaches, and innovation. Our second investigation, rooted in complexity theory and matching theory, examines the impact of mergers and acquisitions (M&As) on the frequency of data breaches. By analyzing 18 years of data from 5072 US firms, we find that M&As increase the likelihood of data breaches, particularly when the merging firms operate in different business domains. Furthermore, we observe that M&As that receive more media attention are more prone to data breaches, while those involving a more vulnerable target firm have fewer breaches. In our third study, guided by Institutional theory, we explore the relationship between cross-border mergers and acquisitions (CBMA) and data breaches. Our findings indicate that CBMAs, especially those accompanied by significant media publicity and involving firms from divergent institutional contexts, heighten the risk of data breaches. Overall, these studies provide valuable insights for firms aiming to mitigate data breach risks during their digital transformation (DT) efforts and M&A activities. They emphasize the importance of adopting a balanced communication strategy and considering the security implications of strategic actions. Moreover, our findings contribute to the academic discourse in information systems by illuminating the intricate interplay between DT, M&As, and data breaches

Structural Complexity and Data Breach Risk

Strategic transactions can affect a firm’s structural complexity and data breach risk. Mergers and acquisitions increase data breach risk by increasing firm’s structural complexity through the addition of new businesses and new IT interlinkages among the firm’s existing and newly added businesses. Divestitures reduce firm’s data breach risk by reducing the firm’s structural complexity through the removal of some business units and associated IT interlinkages. Business partnerships increase firm’s structural complexity and data breach risk by opening up the firm’s IT environment to third party business partners and creating challenges in joint governance and control of the IT interface and interaction points of the partners. We find support for these ideas in a sample of 9784 U.S. firms during 2005-2017. The proposed theory explains how and why strategic initiatives increase firms’ data breach risks