CCE Theses and Dissertations

Date of Award

2021

Document Type

Dissertation

Degree Name

Doctor of Philosophy (PhD)

Department

College of Computing and Engineering

Advisor

Gurvirender P. Tejay

Committee Member

Ling Wang

Committee Member

Steven R. Terrell

Keywords

information privacy, information security, information system privacy, information systems, privacy, privacy and security

Abstract

The primary objective of any corporate entity is generating as much wealth as possible. Investing financially in technology domains has historically been a successful strategy for generating increased corporate and shareholder wealth. However, investments in Information Technology (IT), Information Systems (IS) and Information Security (InfoSec) to specifically generate increased wealth must be implemented carefully.

Shareholders reacting to corporate investments perceive financial value from individual investments. The investment’s perceived value is then reflected in the corporation’s updated stock market value. IS, IT, and InfoSec investments perceived to possess positive financial value, indicating strong potential for increased wealth, are rewarded by shareholders through increased stock market value; conversely, investments perceived to possess negative financial value, likely to decrease corporate wealth, are punished by shareholders through decreased stock market value.

Previous research utilizing Event Study Methodology (ESM) determined financial impact that investments had on corporate stock market value after press release announcements identifying the investment. Based on early success across various domains, additional Event Study Research (ESR) was further conducted within IS, IT, and InfoSec. Most studies aligned into one of three categories: 1) Investments in IT, 2) Information Security Breaches, and 3) IT Outsourcing, and similarly measured changes in market value from corporate investments in related IS, IT, and InfoSec products and services.

Examination of the extant body of literature identified a gap within the Privacy domain; minimal ESR examining privacy and the financial impact from corporate investments in privacy. While financial loss associated with a breach incident is identified as the motivating force driving increased corporate investments in defensive measures, “privacy” is identified as a singular construct with little concern for the associated invasion of privacy. As such, little is known about privacy, potential financial risks associated with a privacy breach, nor an understanding of why corporations are not investing in privacy.

This research extends the body of literature and makes an academic contribution by: 1) using ESM to identify the financial and overall stock market implications from corporate investments in privacy, 2) identifying the economic incentives motivating corporate investments in privacy, and 3) gaining a better overall understating of corporate investments in privacy, and why corporations are not investing in privacy.

Share

COinS