기업의 정보보호활동이 기업가치에 미치는 영향:지속가능경영보고서 텍스트 분석을 이용하여
The Impact of Information Security Activities on Firm Value: By Using Sustainability Reports
김향단(한양대학교); 김민혜(한양대학교); 백승익(한양대학교); 진웅철(한양대학교)
23권 6호, 19~37쪽
초록
As companies increasingly utilize various information and communication technologies, vast amounts of data are being generated every day from their business activities. In oredr to leverage this data and create added value, companies have invested significant time and resources. In the process, information security issues have emerged as a major societal concern. We have already experienced through a series of recent incidents that if a company fails to properly manage the data it holds and it leaks to the wrong parties, it can cause significant harm not only to the company but also to its customers. In this study, we empirically explored the impact of a company’s information security activities on its future value and present value. Many previous studies have explored the impact on corporate value through surveys of employees to highlight the importance of information security. However, this approach has significant limitations in objectively and systematically assessing the extent of a company’s security activities. In this study, we identified the content and extent of a company’s information security activities through text analysis of the “Sustainability Reports” published annually by companies. We then explored the impact of these security activities on corporate value. The text analysis of 171 reports from 57 companies included in the KOSPI 200 over three years revealed that only personal information protection activities had a statistically significant impact on future corporate value, and all information security activities (management/physical/technical activities) had a statistically significant impact on present corporate value. This research reaffirmed that information security activities significantly impact not only the current value of a company but also company’s future value. In addition, it is expected that this study will provide concrete insights into which specific information security activities influence a company’s value for those organizations aiming to establish security policies.
Abstract
As companies increasingly utilize various information and communication technologies, vast amounts of data are being generated every day from their business activities. In oredr to leverage this data and create added value, companies have invested significant time and resources. In the process, information security issues have emerged as a major societal concern. We have already experienced through a series of recent incidents that if a company fails to properly manage the data it holds and it leaks to the wrong parties, it can cause significant harm not only to the company but also to its customers. In this study, we empirically explored the impact of a company’s information security activities on its future value and present value. Many previous studies have explored the impact on corporate value through surveys of employees to highlight the importance of information security. However, this approach has significant limitations in objectively and systematically assessing the extent of a company’s security activities. In this study, we identified the content and extent of a company’s information security activities through text analysis of the “Sustainability Reports” published annually by companies. We then explored the impact of these security activities on corporate value. The text analysis of 171 reports from 57 companies included in the KOSPI 200 over three years revealed that only personal information protection activities had a statistically significant impact on future corporate value, and all information security activities (management/physical/technical activities) had a statistically significant impact on present corporate value. This research reaffirmed that information security activities significantly impact not only the current value of a company but also company’s future value. In addition, it is expected that this study will provide concrete insights into which specific information security activities influence a company’s value for those organizations aiming to establish security policies.
- 발행기관:
- 한국IT서비스학회
- 분류:
- 경영과학