Centralized IT Decision Making and Cybersecurity Breaches: Evidence from U.S. Higher Education Institutions

Journal of Management Information Systems

51 Pages Posted: 17 Oct 2016 Last revised: 28 Nov 2020

See all articles by Che-Wei Liu

Che-Wei Liu

Indiana University Bloomington - Kelley School of Business

Peng Huang

University of Maryland - Robert H. Smith School of Business

Henry C. Lucas

University of Maryland - Robert H. Smith School of Business

Date Written: December 4, 2019

Abstract

Despite the consensus that information security should become an important consideration in IT governance rather than the sole responsibility of the IT department, important IT governance decisions are often made on the basis of fulfilling business needs alone while ignoring their implications for information security. We study how an important IT governance mechanism – the degree of centralized decision making – affects the likelihood of cybersecurity breaches. Examining a sample of 504 U.S. higher-education institutions over a four-year period, we find that a university with centralized IT governance is associated with fewer breaches. Interestingly, the effect of centralized IT governance is contingent on the heterogeneity of a university’s computing environment: Schools with more heterogeneous IT infrastructure benefit more from centralized governance. In addition, we find the relationship between centralized governance and cybersecurity breaches is most pronounced in public universities and those with more intensive research activities. We discuss the implications for research and practice.

Keywords: information security, cybersecurity breach, IT governance, centralized decision making, IT heterogeneity

Suggested Citation

Liu, Che-Wei and Huang, Peng and Lucas, Henry C., Centralized IT Decision Making and Cybersecurity Breaches: Evidence from U.S. Higher Education Institutions (December 4, 2019). Journal of Management Information Systems, Available at SSRN: https://ssrn.com/abstract=2850178 or http://dx.doi.org/10.2139/ssrn.2850178

Che-Wei Liu (Contact Author)

Indiana University Bloomington - Kelley School of Business ( email )

1309 E 10th Street, Hodge Hall 4100
Bloomington, IN 47405
United States

Peng Huang

University of Maryland - Robert H. Smith School of Business ( email )

College Park, MD 20742-1815
United States

Henry C. Lucas

University of Maryland - Robert H. Smith School of Business ( email )

College Park, MD 20742-1815
United States

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
804
Abstract Views
2,267
rank
37,086
PlumX Metrics