John D’Arcy, a professor of management information systems (MIS) in the Department of Accounting & MIS at the University of Delaware’s Alfred Lerner College of Business and Economics since 2012, teaches undergraduate and graduate courses in cybersecurity and IT risk management. His research focuses on cybersecurity management, including behavioral factors and firm-level causes and consequences of IT security failures, such as data breaches.
D’Arcy was an Associate Editor at MIS Quarterly from 2017-21, earning an Outstanding Associate Editor Award in 2019. He was promoted to Senior Editor in 2022 and was recently reappointed to a second term in the role. D’Arcy joins Lerner MIS Professor Xiao Fang, who is also a Senior Editor at MIS Quarterly.
Lerner recently spoke with D’Arcy about his teaching path and his editor roles at MIS Quarterly.
Lerner: Your primary area of research has been cybersecurity – what sparked your interest in that area?
D’Arcy: I was completing my Ph.D. at Temple University (from 2001-05), and a couple years in I started looking for a dissertation topic. I was a research assistant for a faculty member who wanted to start doing research in cybersecurity, so I was given the task of looking up current articles on cybersecurity and understanding the literature in that area. She was interested in doing a project looking at the stock market impact of companies that got hit by security breaches, and I’ve published a couple papers in that area. Do they get negatively affected by having a security breach, and what’s the magnitude of the stock market impact? Having to do that work and study the cybersecurity literature as part of my assignment, I gained some knowledge in that area. When it became time for me to do my Ph.D. dissertation, I gravitated toward cybersecurity because I had already done a couple years of familiarizing myself with the related literature. So I’m really grateful to my Ph.D. advisor for steering me down that path and having me work in an area that has withstood the test of time in terms of relevance.
Lerner: When you started you probably couldn’t have imagined how much this field has grown into numerous other areas.
D’Arcy: Exactly. I’ve been fortunate that it’s also providing me an area for courses to teach. So, yeah, I didn’t foresee it. I thought cybersecurity seemed like an interesting area, but it’s just taken off and become an area of increasing importance, even from a societal level.
Lerner: Why do you enjoy teaching cybersecurity and IT risk management classes at UD? Why is it important for students to learn about those areas?
D’Arcy: Cybersecurity has become a fundamental business issue over the last decade. Initially it was thought that it was the concern of the information technology folks in the organization and understanding security risks, but now it’s grown in importance. We see things like a major data breach at Target that happened back in 2015, which caused its CEO to resign. These are business issues that affect all facets of the organization; it’s not just this narrow information technology-based issue. I think that’s something important for all our business students to understand – that cybersecurity, and understanding the risks, even if you’re not an MIS major or going into the IT field, it’s an important area.
I enjoy it because it’s constantly changing and emerging. Now, as we enter this era of AI, we’ve got all these new cybersecurity threats that have come about due to the proliferation of AI tools. Phishing attacks are becoming much more sophisticated with the help of AI tools. Writing insecure code and hacking are being amplified with the use of AI tools.
If you talk to any cybersecurity professional that works in an organization, it’s a daily fight. There’s work involved on my end with the academic side to keep up with things and stay abreast of what’s going on. But one of the core reasons why I really enjoy it is that it keeps you on your toes. It’s not a stale topic.
Lerner: How did you get involved as an Associate Editor at MIS Quarterly in 2017? How were you promoted to Senior Editor in 2022?
D’Arcy: This shifts over to the research side of things that I do. MIS Quarterly is generally considered the preeminent journal in the field of management information systems. When I got my first top tier publication out of my dissertation work, meaning one of my works was published in a top journal, inevitably, editors of journals get to know your name and they start asking you to review. So back around 2009-10 I started to get asked to review as part of the peer review process for these top journals, MIS Quarterly being one of them.
I did a lot of review work from 2010-16, and I won a reviewer of the year award at MIS Quarterly. I think that put me on the map, where a lot of the editors of the journal said this person is a good reviewer, he’s knowledgeable in this area, and he does developmental quality reviews.
Once I established a base of being a good reviewer, and again winning that award helped, I was appointed an associate editor, which is one level down from a senior editor. It’s the person with the journal that picks the reviewers and provides their assessment of the paper. The senior editor makes the final decision for if a paper gets published.
I was appointed an associate editor in 2017 and ended up winning an award for the top associate editor at MIS Quarterly while doing that for five years, which I think that really helped me become a senior editor.
Getting promoted to senior editor comes about by doing high quality work as an associate editor. And it’s a lot of work, mostly coming after hours. A lot of this work, at least at the time, doesn’t feel like you’re particularly getting rewarded for it, but from a professional development perspective, and in terms of elevating your standing in the field, is very important. I always tell PhD students or junior faculty, if you get asked to review for the top journals, definitely do it, because that’s a way to get your name out there. And if you strive to eventually be an editor at one of these journals, it’s one of the necessary steps, in addition to having good quality research on your own. Doing this review work will hopefully lead to someday being either an associate editor or senior editor at one of these journals.
Lerner: What is the typical time commitment for these roles? What are the benefits?
D’Arcy: As an associate editor, you’ll handle about 20 papers a year that get sent to you by a senior editor. Then you must find reviewers, usually three per paper, get the reviews in, and then make your own decision whether you think the paper should potentially be published and move forward for another round of revision. So the job of an associate editor is to know the reviewers and understand the pool of appropriate academics who would be qualified to review certain types of work.
The workload ebbs and flows. There are some weeks where it could be 10 to 20 hours, others not as much. Now, as a senior editor, I’m handling about 35 papers a year, and there are certain weeks where it’s a significant amount of time.
I do this because this is my brand in the field, and it gets my name out there as a thought leader. But additionally, in handling all these papers, you see the top work that’s being done in your field. You’re getting access behind the scenes to all the latest and greatest research being done in that area, in terms of what people are submitting to the top journal.
Lerner: What is the percentage of submitted papers that are approved for the journal?
D’Arcy: At MIS Quarterly it’s around 5 to 8 percent. I’ve handled 70 papers since the beginning of 2022, and so far, I’ve only accepted around five. So you’re spending a lot of time on papers that will be rejected, but it’s considered professional service to the field. At MIS Quarterly we try to be developmental – so if a paper is going to get rejected, here’s some hopefully valuable feedback to help you continue to work on that area and maybe prepare it for another outlet.
Lerner: What else does the senior editor role entail?
D’Arcy: We also participate in workshops where we try to help authors craft papers and help people become better reviewers. So there is various work throughout the course of the appointment that’s required of either an associate or senior editor.
Lerner: How were you recently reappointed to the role?
D’Arcy: Getting reappointed is based on the quality of the work you’ve done as a senior editor. The journal’s editor in chief is the one person who makes the decision in terms of who’s going to be on the editorial board. She reappointed me for another three years based on the quality of my work, and I think it’s also due to my standing in the field as a thought leader when it comes to academic research in the area of cybersecurity, and more broadly in other areas of information systems like privacy and AI.
Lerner: Your colleague Xiao Fang is also a Senior Editor at MIS Quarterly. What does it say about Lerner’s MIS program that UD is one of just three universities (along with University of Hong Kong and University of Texas, Dallas) represented by two current Senior Editors?
D’Arcy: To have two senior editors from the same department at the same top journal, particularly MIS Quarterly, is pretty unique. It’s great for our scholarly reputation, and for our standing in the field. It gets our name out there, particularly our Department of Accounting & MIS, so there are a lot of benefits. The reasons you get these appointments are because you’re a good editor and your scholarly work is top notch. It shows that Xiao and I have good reputations in the field, and the impact of our work and it being recognized. It also more broadly speaks to the strong and growing research reputation of Lerner College. Both Xiao and I are very proud to serve the profession in our editorial roles.