The Influence of Regulations on Innovation in Information Security

We postulate that regulatory compliance pressures that have forced information security out of obscurity and into the corporate boardroom provide economic justification for information security firms to innovate. We aim to establish the link between regulations and innovation through the intermediary of demand for information security products and services. First, we show from the results of a pilot study of US firms that regulations do indeed bolster demand for information security products and services. Next, we use time series methods to further confirm these results and to establish a strong correlation between demand and innovation, proxied by R&D expenses. The results show that demand is highly correlated with innovation (correlation of 0.516) and that it significantly increases around the timing of major information security regulations and standards (t-stat of 2.2 at a 95% confidence level). Motivated by these findings, we argue in favor of regulating the IT industry, which includes the information security sector, not through imposing punitive regimes but rather by providing incentives to IT producers, thus stimulating technological, process, and organizational innovations.
