Examining the relationship between firm's financial records and security vulnerabilities

We examine the correlation between firms' financial records and vulnerabilities. Financial records are significantly associated with the number of vulnerabilities. There is a positive correlation between vulnerabilities and firms' size and performance. Vulnerabilities and marketing expenditure are positively correlated. Vulnerabilities and R&D expenditure are negatively correlated.

Security vulnerabilities and breaches remain a major concern for firms, as they cost billions of dollars in downtime, maintenance and disruptions. Although researchers in the fields of security and vulnerability prediction have made significant contributions, the number of vulnerabilities continues to increase. Unlike existing vulnerability studies, this research examines vulnerabilities from a financial perspective. We explore whether firms' financial records are associated with vulnerabilities. In particular, we examine the correlation between the number of vulnerabilities and each of firm size, financial performance, marketing and sales expenditure, and research and development expenditure. The empirical analysis of this study is based on data collected from 89 publicly traded technology firms over a 10-year period. Our results reveal that financial records are significantly associated with vulnerabilities. More specifically, our results show that as technology firms increase their marketing and sales expenditures, the number of vulnerabilities increases as well. Interestingly, the analysis shows that firms can counter this rise by increasing their spending on research and development. We also find a positive correlation between the number of vulnerabilities and each of firm size and performance.
