AIS Security Investment to Mitigate Hacking Risk: The Role of Attitudes, Perceived Norms, and Outcomes

Data breaches experienced by companies such as TJX, Equifax, and Target underscore the importance of accounting information system (AIS) security protection. However, the cost of necessary security may be prohibitive, forcing CFOs to make difficult financial and moral tradeoffs. Our 2x2 randomized experiment varies both the scenario CFO’s investment decision (invest/not) and organizational outcomes (positive/negative). Participant managers judge the scenario CFO’s behavior and make intentions to invest in security themselves. Our findings indicate that perceptions about peers and society drive participant investments in AIS. We also find that as organizational outcomes move from unfavorable to favorable, participants are more forgiving of scenario CFO noninvestment gambling, display weakened moral reasoning, and conveniently alter their investment decisions in lockstep with altered perceptions about how peers and society would behave. In contrast, independent thinkers display strengthened moral reasoning and consistent investment in security patterns irrespective of outcomes.