The Impact of Executives’ IT Expertise on Reported Data Security Breaches

Data security breaches (DSBs) are increasing investor and regulator pressure on firms to improve their IT governance (ITG) in an effort to mitigate the related risk. We argue that DSB risk cannot be mitigated by one executive alone, but, rather, is a shared leadership responsibility of the top management team (TMT) (i.e., Chief Executive Officer [CEO], Chief Financial Officer [CFO], and Chief Information Officer [CIO]). Our results suggest that IT-savvy CEOs see technologies related to mitigating DSBs as a top-three most important type of digital methodology for their firm. Similarly, the results related to CFOs with IT expertise single out the critical investment in controls designed to prevent DSBs. Our strong findings for CIOs on the TMT add to the related guidance from COBIT 5 for information security and consistently suggest that they are the key executive for securing IT systems. Finally, our granular explanation of each executive’s DSB-related responsibility could potentially provide firms the start of a governance-led roadmap for compliance to the Securities and Exchange Commission’s and Justice Department’s cyber regulations.