The proposed research integrates theories of demand-driven innovation and market value creation to explain (i) the role of demand in driving innovation in information security and (ii) the role of innovation in projecting firm performance thus determining firm market value. Time series and event study analyses are applied to show that malicious attacks, primarily those that exploit software vulnerabilities, create more demand for security firms' products and services, in turn driving additional innovation and generating more demand. It is also shown that innovation by information security firms boosts investors’ confidence. Additional findings, based on a trend analysis and pilot study, suggest that regulations and standards are a key driver of demand for information security products and services. We propose supplementing the latter study with interviews of decision makers at US firms to further understand the drivers of innovation in the information security area.
[1]
Daniel A. Levinthal,et al.
Demand Heterogeneity and Technology Evolution: Implications for Product and Process Innovation
,
2001,
Manag. Sci..
[2]
Kevin B. Hendricks,et al.
The effect of supply chain glitches on shareholder wealth
,
2003
.
[3]
Ramon Casadesus-Masanell,et al.
Dynamic Mixed Duopoly: A Model Motivated by Linux vs. Windows
,
2003,
Manag. Sci..
[4]
Lee Dittmar,et al.
The unexpected benefits of Sarbanes-Oxley.
,
2006,
Harvard business review.
[5]
R. Calantone,et al.
Information system innovations and supply chain management: Channel relationships and firm performance
,
2006
.
[6]
Lara Khansa,et al.
The Influence of Regulations on Innovation in Information Security
,
2007,
AMCIS.