Impact of Information Security Management System on Firm Financial Performance: Perspective of Corporate Reputation and Branding

Abstract

The immense organizational emphasis on information technology (IT), combined with the growing impact of information security issues, has inflated information security to the top list of management’s priorities. The ISO 27001 standard defines the requirements for an effective information security management system (ISMS). However, the implementation of ISMS not only maximizes firm performance directly, but it can also have a significant impact in different contexts. We investigated whether ISMS implementation can benefit organizations financially by contributing to corporate reputation and branding in this study. With samples from 171 Pakistani firms, we examined firm performance after ISMS ISO 27001 certification. Compatible with our expectations, we discovered strong evidence that ISMS implementation benefited certified firms in terms of high corporate reputation, brand and branding, and financial performance.