Impact of Security Management Activities on Corporate Performance

The digital business environment is rapidly evolving with advancements in information technology (IT), increasing the risk of information security incidents. Grounded in the resource-based view and in contingency theory, this study adopts a different approach from prior research by conceptualizing security management activities not as mere risk control mechanisms, but as strategic innovation drivers that can enhance corporate performance (sales revenue and operating profit). The authors develop a research model with six independent variables, including internal and external security management activities, CISO role configuration (independent or dual-role with CIO), and investment levels in IT and information security. The dependent variables include sales revenue and operating profit, with ISMS or ISO certification as a moderating variable. Using information security (IS) disclosures and financial data from 545 Korean firms that have reported their security management activities to the Ministry of Science and ICT, multiple regression and moderation analyses reveal that high IT investment negatively impacts performance, but this effect is mitigated when formal security systems, like ISMS or ISO, are in place. The results suggest that integrating recognized security frameworks into management strategies can enhance both innovation and financial outcomes, encouraging a proactive approach to security management.