Novel Research Demonstrates Improvements in Board-Level IT Governance in Firms that Experience Cyber Incidents

New research from the Martin J. Whitman School of Management at Syracuse University finds that when companies experience operational IT failures, such as a data breach, they make changes to their boards of directors in order to improve oversight and monitoring of IT resource utilization. The study also observes that the board-changes are proportional to the magnitude of drop in stock prices that companies often experience upon suffering an IT failure.

In “Operational IT failures, IT value-destruction and board-level IT governance changes,” Michel Benaroch, professor of information systems, and Anna Chernobai, associate professor of finance, started with the premise that most firms that experience operational IT failures suffer a negative market reaction that is seen from a significant drop in their equity value. The researchers then demonstrate that, subsequent to such IT failures, firms strategically enhance their board IT competency level in order to signal to market investors their serious intent to improve monitoring and control over IT resources.

“Firms that make significant changes at the board level tend to bounce back more quickly and successfully than firms that do not make any changes,” said Professor Benaroch. “This is because those that do increase the IT savvy of their boards after an IT failure are able to show their commitment to ensuring such a crisis won’t happen again, thereby are more likely to regain investors’ trust.”

Professor Chernobai added that their research showed that IT-intensive firms did not see as much turnover of CIOs serving on the board, because such turnover could be more disruptive to firm operations.

“Great attention should be given to operational IT failures,” she said. “Their impact is comparable to that of frauds and financial restatements in the eyes of the equity markets and carry great risk to firms.”

The study is forthcoming in MIS Quarterly.