Information security and value creation: The performance implications of ISO/IEC 27001

Podrecca M.; Culot G.; Nassimbeni G.; Sartor M.
2022-01-01

Abstract

Although protecting information is the key challenge in a business environment characterized by increasing digitalization and connectivity, the impact of firms’ investments in information security on their financial performance is unclear. In this paper, we focus on ISO/IEC 27001 (i.e., the most renowned norm in the field and the fourth most widespread ISO standard) and analyze the relationship between the attainment of the certification and firms’ financial performance. We developed a set of theory-grounded hypotheses and tested them through a long-term event study complemented by an ordinary least squares regression on a dataset of 143 US-listed companies. The results indicate that the ISO/IEC 27001 certification is associated with improvements in profitability, labor productivity, and (partially) sales performance. The impact appears affected by the level of internationalization of the certified firm. The study contributes to the scientific debate on information security and certifications by developing the first large-scale empirical investigation based on secondary data on the financial implications of ISO/IEC 27001. Moreover, we further deepen the current knowledge on the effects of international management standards on firms’ performance thus enabling comparisons with other major management system standards.
Files in this item:
File: Podrecca et al., 2022.pdf (not available)
Type: Publisher's version (PDF)
License: Not public
Size: 663.32 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11390/1229824
Citations
  • Scopus 14