TY - JOUR
T1 - An event study analysis of the economic impact of it operational risk and its subcategories
AU - Goldstein, James
AU - Chernobai, Anna
AU - Benaroch, Michel
PY - 2011
Y1 - 2011
N2 - Organizations' growing exposure to IT operational risk, or the risk of failures of operational IT systems, could translate into significant losses. Despite this, there are notable theoretical and empirical gaps in the literature on IT operational risk. We propose the "resource weaknesses" framework, which extends the resource-based theory of the firm, as a theoretical lens for investigating IT operational risk and its impacts. We also theorize about and empirically examine the impact differences of two categories of IT operational failures: ones resulting in the disclosure, misuse, or destruction of data assets, and ones resulting in the loss of availability or the mis-operation of functional IT assets responsible for the handling of data assets. Whereas the former, datarelated failures have had some coverage in the literature, little is known about the latter, function-related failures. We apply an event study analysis with a well-balanced data set of IT operational failure events that occurred in U.S. financial service firms over a 25-year period. We find that function-related events have a substantially larger negative wealth effect than data-related events, and that firm characteristics such as firm size and growth potential greatly influence the degree of wealth effect. We conclude with important implications for practice and research.
AB - Organizations' growing exposure to IT operational risk, or the risk of failures of operational IT systems, could translate into significant losses. Despite this, there are notable theoretical and empirical gaps in the literature on IT operational risk. We propose the "resource weaknesses" framework, which extends the resource-based theory of the firm, as a theoretical lens for investigating IT operational risk and its impacts. We also theorize about and empirically examine the impact differences of two categories of IT operational failures: ones resulting in the disclosure, misuse, or destruction of data assets, and ones resulting in the loss of availability or the mis-operation of functional IT assets responsible for the handling of data assets. Whereas the former, datarelated failures have had some coverage in the literature, little is known about the latter, function-related failures. We apply an event study analysis with a well-balanced data set of IT operational failure events that occurred in U.S. financial service firms over a 25-year period. We find that function-related events have a substantially larger negative wealth effect than data-related events, and that firm characteristics such as firm size and growth potential greatly influence the degree of wealth effect. We conclude with important implications for practice and research.
KW - Event study
KW - IT risk
KW - IT security
KW - Operational risk
UR - http://www.scopus.com/inward/record.url?scp=80054950814&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=80054950814&partnerID=8YFLogxK
U2 - 10.17705/1jais.00275
DO - 10.17705/1jais.00275
M3 - Article
AN - SCOPUS:80054950814
SN - 1558-3457
VL - 12
SP - 606
EP - 631
JO - Journal of the Association for Information Systems
JF - Journal of the Association for Information Systems
IS - 9
ER -