CCE Theses and Dissertations

Date of Award

2024

Document Type

Dissertation

Degree Name

Doctor of Philosophy in Information Systems (DISS)

Department

College of Computing and Engineering

Advisor

Yair Levy

Committee Member

Laurie Dringus

Committee Member

Junping Sun

Keywords

Cloud SaaS Platforms, Cybersecurity, Data Breach Incidents, Financial Performance, Organizational Investments

Abstract

Prior research indicated that providing inappropriate investment in organizations for Information Technology (IT) security makes these organizations suffer from IT security issues that may cause data breach incidents. Data breaches in cloud Software as a Service (SaaS) platforms lead to the disclosure of sensitive information, which causes disruption of services, damage to the organizational image, or financial losses. Massive data breaches still exist in cloud SaaS platforms which result in data leaks and data theft of customers in organizations.

IT security risks and vulnerabilities cost organizations millions of dollars a year as organizations may face an increase in cybersecurity challenges. The IT security risks and vulnerabilities exploit information through data breaches, which may harm the Confidentiality, Integrity, and Availability (CIA) of data, as well as lead to financial loss and failure of business. Data breaches impact organizational financial performance. Each organization has non-technical employees who do not have experience in cybersecurity. Organizations need to invest in effective cybersecurity activities such as Security Education, Training, and Awareness (SETA) to help their employees stay alert to avoid data breaches.

This study investigated the concepts of organizational financial performance indicators compared to organizations that operated cloud SaaS platforms before and after data breach incidents. IT security vulnerabilities are determined by certain organization's parameters such as technology, processes, and people. The main goal of this study was to empirically compare the role of organizational financial performance indicators on annual revenue, liabilities, and owner’s equity accounts before and after data breach incidents of 100 organizations. The organizations operate cloud SaaS platforms, and they reported in media between 2010 and 2023 that suffered from a data breach incident. This study empirically assessed the investments in cybersecurity as well as financial performance before and after data breach incidents that impacted different organizations. This study also addressed providing appropriate investment in organizations for IT security, which reduces cybersecurity issues that cause data breach incidents.

The research design for this study is defined as a multiple-case study analysis. A quantitative approach was used in this research study to collect and process the data provided as a sequential quantitative-qualitative survey to collect opinions from Subject Matter Experts (SMEs), as well as case samples from the LexusNexis database. This study also addressed the organizational financial performance indicators that may reduce cybersecurity risks and data breaches in cloud SaaS platforms in organizations. This research used an SME survey to first validate the organizational financial performance indicators relevant to organizational cybersecurity posture. Following the SMEs validation, the study used digital research news (LexusNexis database) to evaluate archived data of multiple past cases for data breach incidents in cloud SaaS platforms in different organizations. The multiple case study analysis was completed in two phases, which included a panel of SMEs and a case analysis of 100 organizations.

The results of this study indicated that there were significant differences in the annual budget for cybersecurity on liabilities and owner’s equity account, as well as total expenses on IT on revenue and owner’s equity account before and after a data breach incident. There were no significant differences in the annual budget for cybersecurity on revenue and total expenses on IT on liabilities before and after a data breach incident. There were significant differences in operating activities, investing activities, and financing activities on revenue, liabilities, as well as owner’s equity account before and after a data breach incident. The results also indicated that there were significant differences in revenue, liabilities, and owner’s equity account before and after data breach incident after controlling for number of total victims from a given organizational data breach, total organizational assets, as well as the size of the organization. There were no significant differences in revenue, liabilities, and owner’s equity account before and after a data breach incident after controlling for the U.S. state where the organization is located.

Recommendations for future studies should expand their samples to include more organizations that are located inside and outside of the United States (U.S.). Future studies may include evaluating more past cases of data breaches in cloud SaaS platforms in organizations that suffered from data breach incidents. Future studies may also include proposing the appropriate investment in organizations to reduce data breaches and mitigate cybersecurity risks. The results of this study provided further understanding in the body of knowledge of mitigating data breaches by defining the organizational financial performance indicators that impact the risk of falling victim to such cybersecurity incidents.

Download
Share Feedback

Share

COinS