Faculty Research Spotlight: What Are the Risks of IT Innovation?

The rapidly advancing technological world continues to create new growth opportunities for businesses. Corporations across industries are responding positively, adopting new technologies that promise to disrupt the status quo with improved efficiencies and greater processing capabilities.

As corporate implementation of new technology increases, so do the risks. Well-trained cybersecurity professionals can protect companies, mitigating the risks that go hand-in-hand with innovation. Consider, for example, data breaches, which pose costly threats to a company’s reputation and bottom line. 

A data breach is a malicious or accidental leak of confidential or private information to unauthorized parties. A data breach can devastate a company, causing financial harm, brand damage, productivity disruption, and stock value decline. 

UT Knoxville Master of Science in Business Cybersecurity Assistant Professor Daniel Pienta and his co-authors wanted to know more about the risks facing companies that embrace technological advances by asking: Does a company’s level of IT innovativeness affect its risk of data breaches? Their first-of-its-kind research is essential and timely. The average cost of a data breach in 2021 was estimated at $4.24 million—an increase of nearly 10% over the previous year. This study should be required reading for all organizations and their IT departments before they advance their digital footprints.

Study Overview: Exploring the Dark Side of Disruption in IT 

As businesses embrace new technologies, they expose themselves to greater risk of a data breach. Cloud services, networks, database management, email services—businesses become vulnerable to cyberattacks every time they use these technological innovations.

Pienta and his colleagues saw that existing research did not address the “dark side of IT”—how adopting new technologies related to increased security risks. The team’s research focused on two questions: (1) to see whether security risk increased when IT innovativeness increased, and (2) to determine whether the level of existing IT knowledge within the organization affected their data security.

The team defined IT innovation as the introduction of new technologies—such as hardware, software, and communication technologies—that improve the organization’s efficiency and competitiveness. Through an analysis of all ITRC-reported data breaches at U.S. publicly traded companies between 2013 and 2021, Pienta and his colleagues confirmed that when a company’s IT innovativeness rose, so did its risk of data breaches. However, innovation did not automatically equate to data insecurity. The research identified several moderating factors that affected a firm’s potential for risk, some increasing and others decreasing the chances of a breach.

The Impact of IT Innovation on Security 

IT innovation is a type of organizational change. While intended to improve productivity and address new challenges, it can also disrupt business operations and create opportunities for security issues. Pienta’s study identified several ways in which innovative technology implementation can expose a corporation to a data breach:

• Inadequate training on complex new technology can cause employee confusion and result in human errors.
• Blind adoption of an innovation based on industry popularity bypasses the necessity of confirming compatibility with existing operations. 
• Lack of real-world testing and exposure to new products increases challenges in implementing adequate security measures. 
• Implementing new technology can intensify the demand for data processing, collection, storage, and analysis, exposing new areas to breaches.

Mitigating Risk: Internal Expertise & Organizational Structure 

Through their research, Pienta and his colleagues identified two factors impacting the level of security risk innovative companies face: organizational learning and environment. 

Organizational learning is the gathering and transferring of knowledge among employees. When a firm’s organizational learning is high, knowledge is easy to access and share, and performance improves. In contrast, inefficient organizational learning negatively impacts performance. While organizational learning had previously been used to analyze the impact of technological innovation on business operations, Pienta’s study was the first to apply it to information security. The report concluded:

• The risk of data breaches decreases as IT managers’ level of expertise improves. Because security is an essential component of IT education, managers with technical knowledge should also possess cybersecurity capabilities. When organizational learning is effective, managers share this expertise with colleagues, reducing the risk of a security breach.
• Another moderating factor that Pienta and his team proved was that engagement with external boards of cybersecurity experts helped to improve organizational learning and lower security risks. Studies have shown that inter-firm board connections greatly increase the sharing of critical information, strategies, and experiences. Pienta’s data supported the assumption that board relationships containing security knowledge reduce the risk of data breaches.

Pienta and his research associates also considered environmental uncertainty when evaluating moderating factors to innovation and data breaches. Defined as “the degree to which future states of the world cannot be anticipated and accurately predicted,” the report parsed environmental uncertainty into three categories:

• Dynamism: In dynamic environments characterized by unpredictability and volatility, technological change occurs quickly and often. The speed and frequency of changes make it increasingly difficult for firms to address security risks. This theory was not supported by the study.
• Complexity: A complex environment involves many external competitors, pressuring firms to embrace innovative IT to maintain a leading position in the market. Additionally, complexity relates to a large quantity of suppliers and consumers. Both aspects of complexity may elevate risk. This was the only environmental category supported by Pienta’s research.
• Munificence: A munificent market provides ample resources for firms to grow—including IT adoption. Corporations could absorb the costs of breaches more readily in this environment. Relevant data did not support this idea.

Why This Research Matters

Despite the risks involved, businesses must continue to innovate. As technology improves and expands opportunities across all industries, firms must recognize the risks that innovation brings and maximize the moderating factors that reduce those risks. Pienta’s work fills a gap in current research about data security, helping scholars and corporations better understand the risks of innovation and the role of organizational knowledge in reducing the chance of breaches.

In the dynamic and ever-changing technology environment, Pienta’s study demonstrates the need for skilled business cybersecurity professionals to educate organizations as a primary defense against cyber attacks.

Study Alongside Business & Cybersecurity Experts at UTK 

As companies continue to adopt new technologies, the need for cybersecurity experts will grow. Prepare for your career with an MS in Business Cybersecurity from the University of Tennessee, where you will discover today’s latest trends and prepare for tomorrow’s greatest risks from leading business cybersecurity experts and cutting-edge researchers like Daniel Pienta. 

Learn more about UT’s MSBC and our faculty experts. Contact an enrollment advisor to request information or start your application today.