教育部信息管理与信息系统虚拟教研室系列活动

讲座时间：2026年5月14日下午15:00--17:00

讲座地点：科学园2H425

讲座主题：Breakthrough or Breakdown? General-Purpose GenAI Use and Firm Information Security

讲座嘉宾简介

王乐，西安交通大学经济与金融学院教授，博士生导师，陕西省电子商务与电子政务重点实验室副主任。入选国家级青年人才、陕西省杰青、陕西省三秦学者青年拔尖人才、西安交通大学青年拔尖人才A类。以第一作者或通讯作者在Information Systems Research, Production and Operations Management, 《管理科学学报》《南开管理评论》《光明日报》和《经济日报》等发表论文40余篇。

讲座摘要

As firms integrate general-purpose Generative AI (GenAI) into routine operations, its implications for organizational information security remain unresolved. General-purpose GenAI may strengthen firm security by supporting security-relevant interpretation and response, or undermine it by encouraging overreliance, security workarounds, and sensitive information disclosure; these opposing mechanisms leave its net effect empirically unclear. To adjudicate these competing possibilities, we develop a firm-level measure of GenAI use and analyze 72,553 data breach incidents across 4,608 U.S. publicly listed firms. Drawing on Routine Activity Theory, we argue that GenAI may reshape firm security by altering organizational guardianship and the suitability of firms’ digital assets as breach targets. Using a difference-in-differences approach, we provide large-scale causal evidence that GenAI use reduces corporate data breaches. We further unpack the boundary conditions of this effect along two theoretically relevant dimensions. First, the breach-reducing effect is concentrated among firms with greater attention to information security protection, especially countermeasure-oriented attention, suggesting that GenAI’s security benefits are more likely to materialize when firms have already emphasized safeguards and protective activities. Second, the effect is also concentrated among firms with higher pre-treatment IT control quality, especially along the access/security dimension. This pattern suggests that stronger IT control foundations help translate GenAI’s contextualized guidance into appropriate protective action by making security rules, access restrictions, authorization procedures, and compliance requirements more salient in employees’ routine interactions with information systems. These findings indicate that general-purpose GenAI can strengthen organizational guardianship, but its security benefits depend on firms’ prior security attention and IT control foundations. This study provides firm-level causal evidence on the organizational security consequences of general-purpose GenAI and clarifies when GenAI improves information security performance.