UBC Theses and Dissertations
The role of enterprise systems standardization on data breach occurrence Chu, Scott
This study examines the relationship between enterprise systems standardization and data breach occurrence. We argue that the greater degree of compatibility resulting from sourcing enterprise systems modules from fewer vendors (i.e., higher enterprise systems standardization) enables easier management of the implemented modules and creates less cybersecurity risks. To test our hypothesis, we use a panel dataset from 2007 to 2017 constructed from the Aberdeen Computer Intelligence Technology Database, Advisen Cyber Loss Database, and Compustat. We find enterprise systems standardization to be negatively related to data breach occurrence. However, when we drill down to different data breach types, we only find enterprise systems standardization to be negatively related to data breaches that are caused by perpetrators external to the firm or data breaches that involve the compromise of individuals’ data. To address endogeneity concerns, we implement an instrumental variable approach which allows us to be more confident that our results better represent a causal relationship. While there is no conclusive evidence that indicates whether sourcing enterprise systems modules from fewer vendors is generally advantageous or disadvantageous, to the best of our knowledge, our findings suggest that sourcing modules from fewer vendors is, at least, advantageous from a cybersecurity standpoint.
Item Citations and Data
Attribution-NonCommercial-NoDerivatives 4.0 International