Intellectual Structure of Business Analytics and Data Driven Insights for Information Security Breaches

Abstract

Recent decades have exhibited phenomenal surges in not only in the amount of data generated globally but also in the methods used for analyzing data. Cybersecurity breaches have also increased in recent years. This dissertation explores these two important trends and topics in the information systems discipline: analytics and information security. In the first essay, I use a data science approach—analyzing research articles published in eight journals—to study the intellectual structure of business analytics (BA) within the information systems research community by analyzing research articles published in IS senior scholar’s basket of eight journals. I employ citation count to identify reference disciplines, bibliographic coupling to clustering articles; and inter-citation counts to explore citation patterns. I also employ topic modeling to identify themes in the corpus of abstracts. Finally, I analyze social network using Exponential Random Graph Modeling (ERGM) to test the homophily effects for the co-authorship network. Information systems, computer science, general management, and economics are the most prominent reference disciplines. Predictive analytics, business intelligence, the Web, information technology (IT) management, firm performance, and decision support are important themes latent in the article abstracts. From the analyses of the co-authorship network for 184 unique authors, I found homophily based on continental affiliation (North American versus European institutions), departmental affiliations, and Ph.D.-granting institutions and university affiliation. The second essay employs a data science approach to measure a firm’s business relatedness and then tests its relationship with the firm’s correlated risk in information security breaches. Using the Quadratic Assignment Procedure (MR-QAP) social network analysis (SNA) technique, I analyzed a network of 33 firms, all of which were breached within the last ten years. The data are available publicly in a dataset that documents cybersecurity breaches. Certain measures of firm similarities (business description and security risk factors) derived from the textual contents of their respective Securities and Exchange Commission (SEC) 10-K filings were found to be significantly correlated with their potential for breach. The similarity of firms based on two-digit Standard Industry Classification (SIC) codes and research and development (R&D) expenditure (as a proxy for a firm’s absorptive capacity) were also found to be significant. The final essay performs specific and thorough analysis of insider security breaches, which entail security breaches carried out by current or past employees. This study aims to construct a theoretical understanding of insider breaches from the perspectives of employees. I draw on conservation of resources theory, social bonding theory, workplace deviance, and several motivation theories from organizational psychology to propose several hypotheses and to explain the results. I also consult reviews and ratings from a well-known job website, Glassdoor (www.glassdoor.com), for 71 public firms (40 breached and 31 non-breached). Analyses of textual reviews are carried out using IBM Watson’s Tone Analyzer. Overall rating and rating for compensation and benefits from Glassdoor were found to be significantly correlated with the probability of breach using logistic regression analysis. My research also shows that the emotional tones of joy, fear, and anxiety are significant for an organization’s potential to be affected by insider breach.