{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T06:45:59Z","timestamp":1773470759821,"version":"3.50.1"},"reference-count":56,"publisher":"American Accounting Association","issue":"3","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016,9,1]]},"abstract":"<jats:title>ABSTRACT<\/jats:title>\n               <jats:p>After several high-profile data security breaches (e.g., Target Corporation, Michaels Stores, Inc., The Home Depot), corporate boards are prioritizing the oversight of Information Technology (IT) risk. Firms are also increasingly faced with disclosure decisions regarding IT security breaches. This study proposes that firms can use the creation of a board-level technology committee as part of the firm's information technology governance (ITG) to signal the firm's ability to detect and respond to security breaches. Using reported security breaches during the time period 2005\u20132014, results indicate that firms with technology committees are more likely to have reported breaches in a given year than are firms without the committee. Further analysis suggests that this positive association is driven by relatively young technology committees and external source breaches. Specifically, as a technology committee becomes more established, its firm is not as likely to be breached. To obtain further evidence on the perceived value of a technology committee, this study uses a returns analysis and finds that the presence of a technology committee mitigates the negative abnormal stock returns arising from external breaches. Findings add to the evolving ITG literature, as well to the signaling theory and disclosure literatures.<\/jats:p>","DOI":"10.2308\/isys-51402","type":"journal-article","created":{"date-parts":[[2016,1,29]],"date-time":"2016-01-29T19:04:40Z","timestamp":1454094280000},"page":"79-98","source":"Crossref","is-referenced-by-count":131,"title":["The Relationship between Board-Level Technology Committees and Reported Security Breaches"],"prefix":"10.2308","volume":"30","author":[{"given":"Julia L.","family":"Higgs","sequence":"first","affiliation":[{"name":"Florida Atlantic University"}]},{"given":"Robert E.","family":"Pinsker","sequence":"additional","affiliation":[]},{"given":"Thomas J.","family":"Smith","sequence":"additional","affiliation":[{"name":"University of South Florida"}]},{"given":"George R.","family":"Young","sequence":"additional","affiliation":[{"name":"Florida Atlantic University"}]}],"member":"1112","published-online":{"date-parts":[[2016,1,1]]},"reference":[{"issue":"1","key":"2024082915290791100_i1558-7959-30-3-79-Abbott1","doi-asserted-by":"crossref","first-page":"69","DOI":"10.2308\/aud.2004.23.1.69","article-title":"Audit committee characteristics and restatements","volume":"23","author":"Abbott","year":"2004","journal-title":"Auditing: A Journal of Practice & Theory"},{"key":"2024082915290791100_i1558-7959-30-3-79-Adler1","unstructured":"Adler, T. \n          \n          2011. Building Protection from Payments Fraud. Morristown, NJ: Financial Executives Institute."},{"issue":"2","key":"2024082915290791100_i1558-7959-30-3-79-Bart1","doi-asserted-by":"crossref","first-page":"147","DOI":"10.2308\/jis.2010.24.2.147","article-title":"IT and the board of directors: An empirical investigation into the \u201cgovernance questions\u201d Canadian board members ask about IT","volume":"24","author":"Bart","year":"2010","journal-title":"Journal of Information Systems"},{"key":"2024082915290791100_i1558-7959-30-3-79-Beaver1","doi-asserted-by":"crossref","first-page":"67","DOI":"10.2307\/2490070","article-title":"The information content of annual earnings announcements","volume":"6","author":"Beaver","year":"1968","journal-title":"Journal of Accounting Research"},{"key":"2024082915290791100_i1558-7959-30-3-79-Bhattacharya1","doi-asserted-by":"crossref","first-page":"259","DOI":"10.2307\/3003330","article-title":"Imperfect information, dividend policy, and \u201cthe bird in the hand\u201d fallacy","volume":"10","author":"Bhattacharya","year":"1979","journal-title":"The Bell Journal of Economics"},{"key":"2024082915290791100_i1558-7959-30-3-79-Campbell1","doi-asserted-by":"crossref","first-page":"431","DOI":"10.3233\/JCS-2003-11308","article-title":"The economic cost of publicly announced information security breaches: Empirical evidence from the stock market","volume":"11","author":"Campbell","year":"2003","journal-title":"Journal of Computer Security"},{"issue":"1","key":"2024082915290791100_i1558-7959-30-3-79-Carcello1","doi-asserted-by":"crossref","first-page":"95","DOI":"10.2308\/accr.2003.78.1.95","article-title":"Audit committee characteristics and auditor dismissals following \u201cnew\u201d going-concern reports","volume":"78","author":"Carcello","year":"2003","journal-title":"The Accounting Review"},{"key":"2024082915290791100_i1558-7959-30-3-79-Card1","unstructured":"Card, D. \n          \n          2011. Cybersecurity & Corporate Governance: SEC Releases First-Ever Guidance on Cybersecurity Risks Disclosure. Available at: http:\/\/www.americanbar.org\/content\/dam\/aba\/events\/international_law\/2013\/05\/law_business_andsociety-usisraelglobalrelationships\/cybersecurity_sec%20update.authcheckdam.pdf"},{"key":"2024082915290791100_i1558-7959-30-3-79-Cavusoglu1","doi-asserted-by":"crossref","first-page":"69","DOI":"10.1080\/10864415.2004.11044320","article-title":"The effect of Internet security breach announcements on market value: Capital market reactions for breached firms and Internet security developers","volume":"9","author":"Cavusoglu","year":"2004","journal-title":"International Journal of Electronic Commerce"},{"issue":"4","key":"2024082915290791100_i1558-7959-30-3-79-Chai1","doi-asserted-by":"crossref","first-page":"651","DOI":"10.1016\/j.dss.2010.08.017","article-title":"Firms' information security investment decisions: Stock market evidence of investors' behavior","volume":"50","author":"Chai","year":"2011","journal-title":"Decision Support Systems"},{"key":"2024082915290791100_i1558-7959-30-3-79-CongressionalResearchService1","unstructured":"Congressional Research Service. 2012. Data Security Breach Notification Laws. Available at: http:\/\/fas.org\/sgp\/crs\/misc\/R42475.pdf"},{"issue":"1","key":"2024082915290791100_i1558-7959-30-3-79-Debreceny1","doi-asserted-by":"crossref","first-page":"129","DOI":"10.2308\/isys-10339","article-title":"Research on IT governance, risk, and value: Challenges and opportunities","volume":"27","author":"Debreceny","year":"2013","journal-title":"Journal of Information Systems"},{"issue":"2","key":"2024082915290791100_i1558-7959-30-3-79-DeFond1","doi-asserted-by":"crossref","first-page":"153","DOI":"10.1111\/j.1475-679x.2005.00166.x","article-title":"Does the market value financial expertise on audit committees of boards of directors?","volume":"43","author":"DeFond","year":"2005","journal-title":"Journal of Accounting Research"},{"issue":"1","key":"2024082915290791100_i1558-7959-30-3-79-Dehejia1","doi-asserted-by":"crossref","first-page":"151","DOI":"10.1162\/003465302317331982","article-title":"Propensity score-matching methods for nonexperimental causal studies","volume":"84","author":"Dehejia","year":"2002","journal-title":"The Review of Economics and Statistics"},{"key":"2024082915290791100_i1558-7959-30-3-79-DiPietro1","unstructured":"DiPietro, B. \n          \n          2013. Cybercrime 2014: More Attacks, More Boardroom Scrutiny. Available at: http:\/\/stream.wsj.com\/story\/latest-headlines\/SS-2-63399\/SS-2-396323\/"},{"issue":"2","key":"2024082915290791100_i1558-7959-30-3-79-Easton1","doi-asserted-by":"crossref","first-page":"117","DOI":"10.1016\/0165-4101(89)90003-7","article-title":"Cross-sectional variation in the stock market response to accounting earnings announcements","volume":"11","author":"Easton","year":"1989","journal-title":"Journal of Accounting & Economics"},{"key":"2024082915290791100_i1558-7959-30-3-79-Ettredge1","doi-asserted-by":"crossref","unstructured":"Ettredge, M., and V. Richardson. \n          2001. Assessing the Risk in e-Commerce. Available at: http:\/\/papers.ssrn.com\/sol3\/papers.cfm?abstract_id=268737","DOI":"10.2139\/ssrn.268737"},{"key":"2024082915290791100_i1558-7959-30-3-79-Feng1","doi-asserted-by":"crossref","first-page":"190","DOI":"10.1016\/j.jacceco.2009.09.004","article-title":"Internal control and management guidance","volume":"48","author":"Feng","year":"2009","journal-title":"Journal of Accounting & Economics"},{"issue":"1\/2","key":"2024082915290791100_i1558-7959-30-3-79-Firth1","doi-asserted-by":"crossref","first-page":"145","DOI":"10.1111\/1468-5957.00181","article-title":"Auditor quality, signaling, and the valuation of initial public offerings","volume":"25","author":"Firth","year":"1998","journal-title":"Journal of Business Finance & Accounting"},{"issue":"7","key":"2024082915290791100_i1558-7959-30-3-79-Goel1","doi-asserted-by":"crossref","first-page":"404","DOI":"10.1016\/j.im.2009.06.005","article-title":"Estimating the market impact of security breach announcements on firm values","volume":"47","author":"Goel","year":"2009","journal-title":"Information & Management"},{"issue":"6","key":"2024082915290791100_i1558-7959-30-3-79-Gordon1","first-page":"1465","article-title":"The rise of independent directors in the United States, 1950\u20132005: Of shareholder value and stock market prices","volume":"59","author":"Gordon","year":"2007","journal-title":"Stanford Law Review"},{"issue":"3","key":"2024082915290791100_i1558-7959-30-3-79-Gordon2","doi-asserted-by":"crossref","first-page":"567","DOI":"10.2307\/25750692","article-title":"Market value of voluntary disclosures concerning information security","volume":"34","author":"Gordon","year":"2010","journal-title":"MIS Quarterly"},{"key":"2024082915290791100_i1558-7959-30-3-79-Gwebu1","unstructured":"Gwebu, K., \n            \n              J. Wang, and L. Wang. \n          2013. Data Security Breach Impact and Disclosure. Proceedings of the American Accounting Association Annual Meeting, Anaheim, CA,August 3\u20137."},{"issue":"3","key":"2024082915290791100_i1558-7959-30-3-79-Haviland1","doi-asserted-by":"crossref","first-page":"247","DOI":"10.1037\/1082-989X.12.3.247","article-title":"Combing propensity score matching and group-based trajectory analysis in an observational study","volume":"12","author":"Haviland","year":"2007","journal-title":"Psychological Methods"},{"key":"2024082915290791100_i1558-7959-30-3-79-HBGaryInc1","unstructured":"HBGary, Inc. 2013. Cybersecurity Directly Affects Investor Attitudes, New HBGary Survey Finds. Available at: https:\/\/www.thestreet.com\/story\/11851412\/1\/cybersecurity-directly-affects-investor-attitudes-new-hbgary-survey-finds.html"},{"issue":"February","key":"2024082915290791100_i1558-7959-30-3-79-Heckman1","doi-asserted-by":"crossref","first-page":"153","DOI":"10.2307\/1912352","article-title":"Sample selection bias as a specification error","volume":"47","author":"Heckman","year":"1979","journal-title":"Econometrica"},{"key":"2024082915290791100_i1558-7959-30-3-79-InternationalOrganizationforStandardizationInternationalElectrotechnicalCommissionISOIEC1","unstructured":"International Organization for Standardization\/International Electrotechnical Commission (ISO\/IEC). 2008. Corporate Governance of Information Technology. ISO\/IEC 38500. Geneva, Switzerland: International Organization for Standardization\/International Electrotechnical Commission."},{"key":"2024082915290791100_i1558-7959-30-3-79-ISACA1","unstructured":"ISACA. 2011. Global Status Report on the Governance of Enterprise IT (GEIT). Rolling Meadows, IL: ISACA."},{"key":"2024082915290791100_i1558-7959-30-3-79-ISACA2","unstructured":"ISACA. 2013a. COBIT 5: A Business Framework for the Governance and Management of Enterprise IT. Rolling Meadows, IL: ISACA."},{"key":"2024082915290791100_i1558-7959-30-3-79-ISACA3","unstructured":"ISACA. 2013b. COBIT for Information Security. Rolling Meadows, IL: ISACA."},{"issue":"4","key":"2024082915290791100_i1558-7959-30-3-79-John1","doi-asserted-by":"crossref","first-page":"1053","DOI":"10.1111\/j.1540-6261.1985.tb02363.x","article-title":"Dividends, dilution, and taxes: A signaling equilibrium","volume":"40","author":"John","year":"1985","journal-title":"The Journal of Finance"},{"issue":"1","key":"2024082915290791100_i1558-7959-30-3-79-Kannan1","doi-asserted-by":"crossref","first-page":"69","DOI":"10.2753\/JEC1086-4415120103","article-title":"Market reactions to information security breach announcements: An empirical analysis","volume":"12","author":"Kannan","year":"2007","journal-title":"International Journal of Electronic Commerce"},{"key":"2024082915290791100_i1558-7959-30-3-79-KrebsonSecurity1","unstructured":"Krebs on Security. 2015. Blog. Available at: http:\/\/www.krebsonsecurity.com\/"},{"key":"2024082915290791100_i1558-7959-30-3-79-Kroll1","unstructured":"Kroll. 2013. Kroll Releases Its 2014 Cybersecurity Forecast. Available at: http:\/\/www.4-traders.com\/news\/Kroll-Releases-Its-2014-Cyber-Security-Forecast--17575611\/"},{"issue":"1","key":"2024082915290791100_i1558-7959-30-3-79-Kwon1","doi-asserted-by":"crossref","first-page":"219","DOI":"10.2308\/isys-50339","article-title":"The association between top management involvement and compensation and information security breaches","volume":"27","author":"Kwon","year":"2013","journal-title":"Journal of Information Systems"},{"issue":"1","key":"2024082915290791100_i1558-7959-30-3-79-Lawrence1","doi-asserted-by":"crossref","first-page":"259","DOI":"10.2308\/accr.00000009","article-title":"Can Big 4 versus non-Big 4 differences in audit quality proxies be attributed to client characteristics?","volume":"86","author":"Lawrence","year":"2011","journal-title":"The Accounting Review"},{"issue":"2","key":"2024082915290791100_i1558-7959-30-3-79-Leland1","doi-asserted-by":"crossref","first-page":"371","DOI":"10.2307\/2326770","article-title":"Informational asymmetries, financial structure, and financial intermediation","volume":"32","author":"Leland","year":"1977","journal-title":"The Journal of Finance"},{"issue":"2","key":"2024082915290791100_i1558-7959-30-3-79-Lennox1","doi-asserted-by":"crossref","first-page":"589","DOI":"10.2308\/accr-10195","article-title":"Selection models in accounting research","volume":"87","author":"Lennox","year":"2012","journal-title":"The Accounting Review"},{"issue":"2","key":"2024082915290791100_i1558-7959-30-3-79-Masli1","doi-asserted-by":"crossref","first-page":"81","DOI":"10.2308\/isys-10117","article-title":"The business value of IT: A synthesis and framework of archival research","volume":"25","author":"Masli","year":"2011","journal-title":"Journal of Information Systems"},{"key":"2024082915290791100_i1558-7959-30-3-79-Miller1","doi-asserted-by":"crossref","first-page":"1031","DOI":"10.1111\/j.1540-6261.1985.tb02362.x","article-title":"Dividend policy under asymmetric information","volume":"40","author":"Miller","year":"1985","journal-title":"The Journal of Finance"},{"key":"2024082915290791100_i1558-7959-30-3-79-NationalAssociationofCorporateDirectorsNACD1","unstructured":"National Association of Corporate Directors (NACD). 2014. Cyber-Risk Oversight Handbook. Available at: https:\/\/www.nacdonline.org\/Resources\/Article.cfm?ItemNumber=10688"},{"key":"2024082915290791100_i1558-7959-30-3-79-NationalConferenceofStateLegislatures1","unstructured":"National Conference of State Legislatures. 2015. Security Breach Notification Laws. Available at: http:\/\/www.ncsl.org\/research\/telecommunications-and-information-technology\/security-breach-notification-laws.aspx"},{"key":"2024082915290791100_i1558-7959-30-3-79-NewYorkStockExchangeNYSE1","unstructured":"New York Stock Exchange (NYSE). 2014. Policy Manual. Available at: http:\/\/nysemanual.nyse.com\/lcm\/Help\/mapContent.asp?sec=lcm-sections&title=sx-ruling-nyse-policymanual_303A.05&id=chp_1_4_3_8)"},{"key":"2024082915290791100_i1558-7959-30-3-79-PonemonInstitute1","unstructured":"Ponemon Institute. 2013. 2012 Cost of Cyber Crime Study: United States. Available at: http:\/\/www.ponemon.org\/local\/upload\/file\/2012_US_Cost_of_Cyber_Crime_Study_FINAL6%20.pdf"},{"key":"2024082915290791100_i1558-7959-30-3-79-PonemonInstitute2","unstructured":"Ponemon Institute. 2014. 2014 Cost of Data Breach Study: Global Analysis. Available at: https:\/\/www-935.ibm.com\/services\/multimedia\/SEL03027USEN_Poneman_2014_Cost_of_Data_Breach_Study.pdf"},{"issue":"6","key":"2024082915290791100_i1558-7959-30-3-79-Premuroso1","doi-asserted-by":"crossref","first-page":"1260","DOI":"10.1111\/j.1467-8683.2007.00645.x","article-title":"Is there a relationship between firm performance, corporate governance, and a firm's decision to form a technology committee?","volume":"15","author":"Premuroso","year":"2007","journal-title":"Corporate Governance: An International Review"},{"key":"2024082915290791100_i1558-7959-30-3-79-SecuritiesandExchangeCommissionSEC1","unstructured":"Securities and Exchange Commission (SEC). 2011. CF Disclosure Guidance: Topic No. 2: Cybersecurity. Available at: https:\/\/www.sec.gov\/divisions\/corpfin\/guidance\/cfguidance-topic2.htm"},{"issue":"3","key":"2024082915290791100_i1558-7959-30-3-79-Spence1","doi-asserted-by":"crossref","first-page":"355","DOI":"10.2307\/1882010","article-title":"Job market signaling","volume":"87","author":"Spence","year":"1973","journal-title":"The Quarterly Journal of Economics"},{"key":"2024082915290791100_i1558-7959-30-3-79-SpencerStuart1","unstructured":"Spencer Stuart. 2012. Spencer Stuart U.S. Board Index. Available at: http:\/\/womensleadershipfoundation.org\/wp-content\/uploads\/2012\/05\/Spencer-Stuart-US-Board-Index-2012_06Nov2012.pdf"},{"issue":"2","key":"2024082915290791100_i1558-7959-30-3-79-Srinivasan1","doi-asserted-by":"crossref","first-page":"291","DOI":"10.1111\/j.1475-679x.2005.00172.x","article-title":"Consequences of financial reporting failure for outside directors: Evidence from accounting restatements and audit committee members","volume":"43","author":"Srinivasan","year":"2005","journal-title":"Journal of Accounting Research"},{"issue":"April 3","key":"2024082915290791100_i1558-7959-30-3-79-Strohm1","first-page":"3","article-title":"Cyber-attacks abound yet companies tell SEC losses are few","author":"Strohm","year":"2013","journal-title":"Bloomberg.com"},{"issue":"3","key":"2024082915290791100_i1558-7959-30-3-79-Tambe1","doi-asserted-by":"crossref","first-page":"599","DOI":"10.1287\/isre.1110.0398","article-title":"The productivity of information technology investments: New evidence from IT labor data","volume":"23","author":"Tambe","year":"2012","journal-title":"Information Systems Research"},{"key":"2024082915290791100_i1558-7959-30-3-79-ThomsonReuters1","unstructured":"Thomson Reuters. 2014. Senate Intelligence Committee Approves Cybersecurity Bill. Available at: http:\/\/www.reuters.com\/article\/us-usa-cybersecurity-congress-idUSKBN0FD2LG20140708"},{"key":"2024082915290791100_i1558-7959-30-3-79-Tysiac1","unstructured":"Tysiac, K. \n          \n          2014. Technology Plays a Role in Board Members' Top Two Concerns. Available at: http:\/\/www.cgma.org\/Magazine\/News\/Pages\/201410602.aspx"},{"issue":"2","key":"2024082915290791100_i1558-7959-30-3-79-Wang1","doi-asserted-by":"crossref","first-page":"201","DOI":"10.1287\/isre.1120.0437","article-title":"The association between the disclosure and the realization of information security risk factors","volume":"24","author":"Wang","year":"2013","journal-title":"Information Systems Research"},{"issue":"June 29","key":"2024082915290791100_i1558-7959-30-3-79-Yadron1","first-page":"3","article-title":"Corporate boards race to shore up cybersecurity: Directors grapple with issues once consigned to teach experts","author":"Yadron","year":"2014","journal-title":"Wall Street Journal"}],"container-title":["Journal of Information Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/publications.aaahq.org\/jis\/article-pdf\/30\/3\/79\/8240\/isys-51402.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/publications.aaahq.org\/jis\/article-pdf\/30\/3\/79\/8240\/isys-51402.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,8,29]],"date-time":"2024-08-29T17:02:16Z","timestamp":1724950936000},"score":1,"resource":{"primary":{"URL":"https:\/\/publications.aaahq.org\/jis\/article\/30\/3\/79\/1035\/The-Relationship-between-Board-Level-Technology"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,1,1]]},"references-count":56,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2016,1,1]]},"published-print":{"date-parts":[[2016,9,1]]}},"URL":"https:\/\/doi.org\/10.2308\/isys-51402","relation":{},"ISSN":["1558-7959","0888-7985"],"issn-type":[{"value":"1558-7959","type":"electronic"},{"value":"0888-7985","type":"print"}],"subject":[],"published":{"date-parts":[[2016,1,1]]}}}