The impact of information sharing legislation on cybersecurity industry
- Authors
- Yang, Agnes; Kwon, Young Jin; Lee, Sang-Yong Tom
- Issue Date
- Sep-2020
- Publisher
- EMERALD GROUP PUBLISHING LTD
- Keywords
- Cybersecurity information sharing; Cybersecurity industry; Economic impact; Real option theory; Quasi-experiment; Difference-in-difference
- Citation
- INDUSTRIAL MANAGEMENT & DATA SYSTEMS, v.120, no.9, pp.1777 - 1794
- Indexed
- SCIE
SCOPUS
- Journal Title
- INDUSTRIAL MANAGEMENT & DATA SYSTEMS
- Volume
- 120
- Number
- 9
- Start Page
- 1777
- End Page
- 1794
- URI
- https://scholarworks.bwise.kr/hanyang/handle/2021.sw.hanyang/8928
- DOI
- 10.1108/IMDS-10-2019-0536
- ISSN
- 0263-5577
- Abstract
- Purpose The objective of this paper is to investigate how firms react to cybersecurity information sharing environment where government organizations disseminate cybersecurity threat information gathered by individual firms to the private entities. The overall impact of information sharing on firms' cybersecurity investment decision has only been game-theoretically explored, not giving practical implication. The authors therefore leverage the Cybersecurity Information Sharing Act of 2015 (CISA) to observe firms' attitudinal changes toward investing in cybersecurity. Design/methodology/approach The authors design a quasi-experiment where they set US cybersecurity firms as an experimental group (a proxy for total investment in cybersecurity) and nonsecurity firms as a control group to measure the net effect of CISA on overall cybersecurity investment. To enhance the robustness of the authors' difference-in-difference estimation, the authors employed propensity score matched sample test and reduced sample test as well. Findings For the full sample, the authors' empirical findings suggest that US security firms' overall performance (i.e. Tobin's Q) improved following the legislation, which indicates that more investment in cybersecurity was followed by the formation of information sharing environment. Interestingly, big cybersecurity firms are beneficiaries of the CISA when the full samples are divided into small and large group. Both Tobin's Q and sales growth rate increased for big firms after CISA. Research limitations/implications The authors' findings shed more light on the research stream of cybersecurity and information sharing, a research area only explored by game-theoretical approaches. Given that the US government has tried to enforce cybersecurity defensive measures by building cooperative architecture such as CISA 2015, the policy implication of this study is far-reaching. Originality/value The authors' study contributes to the research on the economic benefits of sharing cybersecurity information by finding the missing link (i.e. empirical evidence) between "sharing" and "economic impact." This paper confirms that CISA affects the cybersecurity industry unevenly by firm size, a previously unidentified relationship.
- Files in This Item
-
Go to Link
- Appears in
Collections - 서울 경영대학 > 서울 경영학부 > 1. Journal Articles
![qrcode](https://api.qrserver.com/v1/create-qr-code/?size=55x55&data=https://scholarworks.bwise.kr/hanyang/handle/2021.sw.hanyang/8928)
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.