Strategic Roles of IT Modernization and Cloud Migration in Reducing Cybersecurity Risks of Organizations: The Case of U.S. Federal Government

39 Pages Posted: 18 Mar 2017 Last revised: 15 May 2020

See all articles by Min-Seok Pang

Min-Seok Pang

Temple University - Department of Management Information Systems

Hüseyin Tanriverdi

University of Texas at Austin - Red McCombs School of Business

Date Written: February 27, 2019

Abstract

Many organizations rely on decade-old legacy IT systems, which were not designed to address contemporary cybersecurity risks, to run their core business operations. Some professionals argue that the legacy systems significantly increase security incidents in the organizations. Other professionals disagree with this claim and argue that the legacy systems are “secure by antiquity”; due to lack of adequate documentation on the legacy systems, they argue that it is very difficult and costly for potential attackers to discover and exploit security vulnerabilities in the systems. To the best of our knowledge, there is a shortage of theory and empirical evidence in the literature to explain if and how legacy systems affect security risks. We build on routine activity theory to address these questions. We choose the U.S. federal government as our empirical context of inquiry. We find that federal agencies that have more legacy IT systems experience more frequent security incidents than ones with more modern IT systems. A 1%-point increase in investments in new IT system development is associated with a 5.6% decrease in the number of security incidents. Furthermore, migration of the legacy systems to the cloud is negatively associated with security incidents. These findings contribute to the literature on strategic information systems management by providing new theory and empirical evidence that counter the “security by antiquity” argument.

Keywords: Security risks, Legacy IT systems, IT modernization, Migration to the cloud, U.S. federal government

Suggested Citation

Pang, Min-Seok and Tanriverdi, Huseyin, Strategic Roles of IT Modernization and Cloud Migration in Reducing Cybersecurity Risks of Organizations: The Case of U.S. Federal Government (February 27, 2019). Fox School of Business Research Paper No. 17-017, Available at SSRN: https://ssrn.com/abstract=2933577 or http://dx.doi.org/10.2139/ssrn.2933577

Min-Seok Pang (Contact Author)

Temple University - Department of Management Information Systems ( email )

1810 N. 13th Street
Floor 2
Philadelphia, PA 19128
United States
215-204-3059 (Phone)

HOME PAGE: http://sites.google.com/site/minspang

Huseyin Tanriverdi

University of Texas at Austin - Red McCombs School of Business ( email )

Austin, TX 78712
United States

Here is the Coronavirus
related research on SSRN

Paper statistics

Downloads
540
Abstract Views
3,387
rank
58,801
PlumX Metrics