The Influence of CEO and Board Information Technology Expertise on Large Firms’ Risk of Cyber Breaches
Chi Hon Li, Ryan Krause, Michael C. WithersCyber breaches pose an increasing concern for executives and boards of directors, as they involve the exposure, damage, or loss of critical organizational data. The risk of a cyber breach is particularly acute for large corporations, which are prime targets for cybercriminals due to their vast data reserves. Prior literature has examined the role of CEOs and boards in cybersecurity management. However, their cybersecurity effectiveness may depend on firm size, which can provide more resources but also create challenges such as bureaucracy and resistance to change. To test these theoretical perspectives, this study develops a contingency theory by exploring the moderating role of firm size in the relationship between CEOs with IT functional experience, board interlock ties with technological firms, and the likelihood of cyber breaches. Analyzing a sample of U.S. Fortune 500 public firms from 2009 to 2018, our findings reveal that compared with smaller firms, CEO IT functional experience and board technological ties in larger firms reduce the likelihood of a cyber breach. These effects are also complementary, representing the potential for collaborative IT governance. Our findings provide important insights into IT governance and cybersecurity.1