Information Security Governance and Capital Market Stability:  Empirical Evidence Based on ISO27001 Certification

Collected Essays on Finance and Economics ›› 2025, Vol. 41 ›› Issue (4): 77-86.

Previous Articles Next Articles

Information Security Governance and Capital Market Stability: Empirical Evidence Based on ISO27001 Certification

HUANG Hongyan¹, ZHANG Dunli²

1. School of Accounting, Fujian Jiangxia University, Fuzhou 350108, China;
2. School of Accounting, Zhongnan University of Economics and Law, Wuhan 430073, China

Received:2024-08-10 Online:2025-04-10 Published:2025-04-11

信息安全治理与资本市场稳定——基于ISO27001认证的经验证据

黄鸿燕¹, 张敦力²

1.福建江夏学院会计学院,福建福州 350108;
2.中南财经政法大学会计学院,湖北武汉 430073

通讯作者: 张敦力(1971—),男,安徽庐江人,中南财经政法大学会计学院教授
作者简介:黄鸿燕(1991—),女,福建罗源人,福建江夏学院会计学院讲师
基金资助:
财政部“会计名家工程”支持项目;福建省社会科学基金项目(FJ2024C080);福建江夏学院校级科研项目(JXS2022011)

Abstract

Abstract: This paper takes China's listed companies from 2011 to 2022 as research samples and manually collects enterprise ISO27001 certification data to examine the impact of information security governance on enterprise stock price crash risk. The results show that improving the level of information security governance through ISO27001 certification can reduce the risk of stock price crash. The mechanism test shows that ISO27001 certification has a governance effect internally, which can improve the level of internal control of enterprises. Meanwhile, ISO27001 certification has an expected effect externally, as a credible commitment to future information security risk responsibility, which can improve market expectations. Heterogeneity analysis results show that ISO27001 certification plays a more significant role in stabilizing the capital market when business complexity is high and governance level is low. This paper not only theoretically expands the relevant research on the effect of information security governance and the risk mitigation mechanism of stock price crash, but also provides a basis for promoting the smooth operation of the capital market by using enterprise information security governance in practice.

Key words: Information Security Governance, ISO27001 Certification, Capital Market Stability

摘要： 本文以2011—2022年我国上市公司为研究样本,手工收集企业ISO27001认证数据,实证检验信息安全治理对企业股价崩盘风险的影响。研究结果表明,企业通过ISO27001认证提高信息安全治理水平会降低股价崩盘风险,促进资本市场平稳运行。机制检验表明,ISO27001认证对内具有治理效应,能够提高企业内控水平,增进有效的沟通;对外具有预期效应,作为一项企业未来信息安全风险承担责任的可置信承诺,可改善市场预期。异质性分析结果表明,当企业业务复杂度较高、治理水平较低时,ISO27001认证对稳定资本市场的作用更加显著。本文不仅在理论上拓展了信息安全治理影响效应和股价崩盘风险缓解机制的相关研究,而且在实践上能够为利用企业信息安全治理推动资本市场平稳运行提供依据。

关键词: 信息安全治理, ISO27001认证, 资本市场稳定

CLC Number:

F208

HUANG Hongyan, ZHANG Dunli. Information Security Governance and Capital Market Stability: Empirical Evidence Based on ISO27001 Certification[J]. Collected Essays on Finance and Economics, 2025, 41(4): 77-86.

黄鸿燕, 张敦力. 信息安全治理与资本市场稳定——基于ISO27001认证的经验证据[J]. 财经论丛, 2025, 41(4): 77-86.

References

[1] Hutton A. P., Marcus A., Tehranian H. Opaque Financial Reports, R² and Crash Risk[J]. Journal of Financial Economics, 2009, 94: 67-86.
[2] 张钦成, 杨明增. 企业数字化转型与内部控制质量——基于“两化融合”贯标试点的准自然实验[J]. 审计研究, 2022, (6): 117-128.
[3] Huang H. H., Wang C. Do Banks Price Firms' Data Breaches?[J]. The Accounting Review, 2021, 96(3): 261-286.
[4] 王辉, 何冬昕, 陈旭, 等. 网络安全治理与股价崩盘风险——基于上市公司年报文本分析的证据[J]. 金融评论, 2024, (1): 86-106.
[5] Kim J. B., Li Y. H., Zhang L. D. Corporate Tax Avoidance and Stock Price Crash Risk: Firm-level Analysis[J]. Journal of Financial Economics, 2011, 100(3): 639-662.
[6] 彭俞超, 倪骁然, 沈吉. 企业“脱实向虚”与金融市场稳定——基于股价崩盘风险的视角[J]. 经济研究, 2018, (10): 50-66.
[7] 杨威, 宋敏, 冯科. 并购商誉、投资者过度反应与股价泡沫及崩盘[J]. 中国工业经济, 2018, (6): 156-173.
[8] 夏常源, 贾凡胜. 控股股东股权质押与股价崩盘: “实际伤害”还是“情绪宣泄”[J]. 南开管理评论, 2019, (5): 165-177.
[9] Morse E. A., Raval V., Wingender J. R. Market Price Effects of Data Security Breaches[J]. Information Security Journal: A Global Perspective, 2011, 20(6): 263-273.
[10] Chai S., Kim M., Rao H. R. Firms' Information Security Investment Decisions: Stock Market Evidence of Investors' Behavior[J]. Decision Support Systems, 2011, 50(4): 651-661.
[11] Florackis C., Louca C., Michaely R., et al. Cybersecurity Risk[J]. The Review of Financial Studies, 2023, 36: 351-407.
[12] Podrecca M., Culot G., Nassimbeni G., et al. Information Security and Value Creation: The Performance Implications of ISO/IEC 27001[J]. Computers in Industry, 2022, 142: 103744.
[13] Li C., Peters G. F., Richardson V. J., et al. The Consequences of Information Technology Control Weaknesses on Management Information Systems: The Case of Sarbanes-Oxley Internal Control Reports[J]. MIS Quarterly, 2012, 36(1) : 179-203.
[14] 甄杰, 董坤祥. 企业数字化转型中信息安全治理影响因素研究——基于解释结构模型的分析[J]. 经济与管理, 2024, (5): 33-40.
[15] Cremonini M., Nizovtsev D. Risks and Benefits of Signaling Information System Characteristics to Strategic Attackers[J]. Journal of Management Information Systems, 2009, 26(3): 241-274.
[16] Martin K. D., Borah A., Palmatier R. W. Data Privacy: Effects on Customer and Firm Performance[J]. Journal of Marketing, 2017, 81(1): 36-58.
[17] Wu W., Shi K., Wu C. H., et al. Research on the Impact of Information Security Certification and Concealment on Financial Performance: Impact of ISO 27001 and Concealment on Performance[J]. Journal of Global Information Management, 2021, 30(3): 16.
[18] Alghamdi S., Than W. K., Vlahu-Gjorgievska E. Information Security Governance Challenges and Critical Success Factors: Systematic Review[J]. Computers & Security, 2020, 99: 102030.
[19] Ashraf M., Sunder J. Can Shareholders Benefit from Consumer Protection Disclosure Mandates? Evidence from Data Breach Disclosure Laws[J]. The Accounting Review, 2023, 98(4): 1-32.
[20] 胡瑾瑾, 赵雪峰, 吴德林, 等. 企业数字化转型对股价崩盘风险预测研究——基于ED-SPCBoost模型[J]. 管理评论, 2023, (8): 15-30.
[21] 宋献中, 胡珺, 李四海. 社会责任信息披露与股价崩盘风险——基于信息效应与声誉保险效应的路径分析[J]. 金融研究, 2017, (4): 161-175.
[22] Godfrey P. C., Merrill C. B., Hansen J. M. The Relationship between Corporate Social Responsibility and Shareholder Value: An Empirical Test of the Risk Management Hypothesis[J]. Strategic Management Journal, 2009, 30(4): 425-445.
[23] Hasan M. M., Taylor G., Richardson G. Brand Capital and Stock Price Crash Risk[J]. Management Science, 2022, 68(10): 7221-7247.
[24] 黄萍萍, 李四海. 社会责任报告语调与股价崩盘风险 [J]. 审计与经济研究, 2020, (1): 69-78.
[25] Dimson E. Risk Measurement when Shares are Subject to Infrequent Trading[J]. Journal of Financial Economics, 1979, 7(2): 197-226.
[26] 叶陈刚, 裘丽, 张立娟. 公司治理结构、内部控制质量与企业财务绩效[J]. 审计研究, 2016, (2): 104-112.
[27] Shleifer A., Vishny R. The Limits of Arbitrage[J]. Journal of Finance, 1997, 52(1): 35-55.
[28] 罗琦, 张志达, 吴希梅, 等. 股利情绪、股利迎合与股价崩盘风险——基于百度指数平台搜索量的经验证据[J]. 管理科学学报, 2023, (2): 87-103.
[29] 马慧, 陈胜蓝. 企业数字化转型、坏消息隐藏与股价崩盘风险[J]. 会计研究, 2022, (10): 31-44.
[30] 张学勇, 廖理. 股权分置改革、自愿性信息披露与公司治理[J]. 经济研究, 2010, (4): 28-39, 53.

Information Security Governance and Capital Market Stability: Empirical Evidence Based on ISO27001 Certification

信息安全治理与资本市场稳定——基于ISO27001认证的经验证据

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 1

Recommended Articles

Metrics