JOURNAL ARTICLE

COSO Framework Adoption and Cybersecurity Breaches.

  • Published In: Journal of Information Systems, 2026, v. 40, n. 1. P. 47 1 of 3

  • Database: Business Source Ultimate 2 of 3

  • Authored By: Tadesse, Amanuel; Walton, Stephanie; Zhang, Yiyang 3 of 3

Abstract

The COSO 2013 framework presents a substantial change for firms utilizing the previous (1992) internal control framework. Consequently, adopting the updated COSO 2013 framework could expand the reach of information technology controls, particularly relating to a firm's cybersecurity activities. However, the transition and integration of the new framework into existing control systems could fail to meet the framework's guiding principles, potentially increasing a firm's risks. We examine whether COSO 2013 framework adoption is associated with lower cybersecurity risk exposure. We expect and find that COSO framework adoption is associated with lower breach risk, up to three years in the future. We further provide evidence that utilizing the updated framework can benefit a firm's internal control evaluation practices, resulting in the identification of information technology material weaknesses prior to breach occurrence. Our study contributes new knowledge to the burgeoning COSO framework and cybersecurity literatures. [ABSTRACT FROM AUTHOR]

Additional Information

  • Source:Journal of Information Systems. 2026/03, Vol. 40, Issue 1, p47
  • Document Type:Article
  • Subject Area:Information Technology
  • Publication Date:2026
  • ISSN:0888-7985
  • DOI:10.2308/ISYS-2024-044
  • Accession Number:191990238
  • Copyright Statement:Copyright of Journal of Information Systems is the property of American Accounting Association and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Looking to go deeper into this topic? Look for more articles on EBSCOhost.