An event study analysis of the economic impact of it operational risk and its subcategories

Research output: Contribution to journalArticlepeer-review

73 Scopus citations


Organizations' growing exposure to IT operational risk, or the risk of failures of operational IT systems, could translate into significant losses. Despite this, there are notable theoretical and empirical gaps in the literature on IT operational risk. We propose the "resource weaknesses" framework, which extends the resource-based theory of the firm, as a theoretical lens for investigating IT operational risk and its impacts. We also theorize about and empirically examine the impact differences of two categories of IT operational failures: ones resulting in the disclosure, misuse, or destruction of data assets, and ones resulting in the loss of availability or the mis-operation of functional IT assets responsible for the handling of data assets. Whereas the former, datarelated failures have had some coverage in the literature, little is known about the latter, function-related failures. We apply an event study analysis with a well-balanced data set of IT operational failure events that occurred in U.S. financial service firms over a 25-year period. We find that function-related events have a substantially larger negative wealth effect than data-related events, and that firm characteristics such as firm size and growth potential greatly influence the degree of wealth effect. We conclude with important implications for practice and research.

Original languageEnglish (US)
Pages (from-to)606-631
Number of pages26
JournalJournal of the Association for Information Systems
Issue number9
StatePublished - 2011


  • Event study
  • IT risk
  • IT security
  • Operational risk

ASJC Scopus subject areas

  • Information Systems
  • Computer Science Applications


Dive into the research topics of 'An event study analysis of the economic impact of it operational risk and its subcategories'. Together they form a unique fingerprint.

Cite this