37 0

The impact of information sharing legislation on cybersecurity industry

Title
The impact of information sharing legislation on cybersecurity industry
Author
이상용
Keywords
Cybersecurity information sharing; Cybersecurity industry; Economic impact; Real option theory; Quasi-experiment,; Difference-in-difference
Issue Date
2020-09
Publisher
EMERALD GROUP PUBLISHING LTD
Citation
INDUSTRIAL MANAGEMENT & DATA SYSTEMS, v. 120, no. 9, page. 1777-1794
Abstract
Purpose The objective of this paper is to investigate how firms react to cybersecurity information sharing environment where government organizations disseminate cybersecurity threat information gathered by individual firms to the private entities. The overall impact of information sharing on firms' cybersecurity investment decision has only been game-theoretically explored, not giving practical implication. The authors therefore leverage the Cybersecurity Information Sharing Act of 2015 (CISA) to observe firms' attitudinal changes toward investing in cybersecurity. Design/methodology/approach The authors design a quasi-experiment where they set US cybersecurity firms as an experimental group (a proxy for total investment in cybersecurity) and nonsecurity firms as a control group to measure the net effect of CISA on overall cybersecurity investment. To enhance the robustness of the authors' difference-in-difference estimation, the authors employed propensity score matched sample test and reduced sample test as well. Findings For the full sample, the authors' empirical findings suggest that US security firms' overall performance (i.e. Tobin's Q) improved following the legislation, which indicates that more investment in cybersecurity was followed by the formation of information sharing environment. Interestingly, big cybersecurity firms are beneficiaries of the CISA when the full samples are divided into small and large group. Both Tobin's Q and sales growth rate increased for big firms after CISA. Research limitations/implications The authors' findings shed more light on the research stream of cybersecurity and information sharing, a research area only explored by game-theoretical approaches. Given that the US government has tried to enforce cybersecurity defensive measures by building cooperative architecture such as CISA 2015, the policy implication of this study is far-reaching. Originality/value The authors' study contributes to the research on the economic benefits of sharing cybersecurity information by finding the missing link (i.e. empirical evidence) between "sharing" and "economic impact." This paper confirms that CISA affects the cybersecurity industry unevenly by firm size, a previously unidentified relationship.
URI
https://www.emerald.com/insight/content/doi/10.1108/IMDS-10-2019-0536/full/htmlhttps://repository.hanyang.ac.kr/handle/20.500.11754/170683
ISSN
0263-5577; 1758-5783
DOI
10.1108/IMDS-10-2019-0536
Appears in Collections:
GRADUATE SCHOOL OF BUSINESS[S](경영전문대학원) > BUSINESS ADMINISTRATION(경영학과) > Articles
Files in This Item:
There are no files associated with this item.
Export
RIS (EndNote)
XLS (Excel)
XML


qrcode

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.

BROWSE