Exploring Contrasting Effects of Trust in Organizational Security Practices and Protective Structures on Employees' Security-Related Precaution Taking
成果类型:
Article
署名作者:
Greulich, Malte; Lins, Sebastian; Pienta, Daniel; Thatcher, Jason Bennett; Sunyaeva, Ali
署名单位:
Helmholtz Association; Karlsruhe Institute of Technology; University of Tennessee System; University of Tennessee Knoxville; University of Colorado System; University of Colorado Boulder; University of Manchester; Alliance Manchester Business School
刊物名称:
INFORMATION SYSTEMS RESEARCH
ISSN/ISSBN:
1047-7047
DOI:
10.1287/isre.2021.0528
发表日期:
2024
页码:
1586-1608
关键词:
information-systems security
policy compliance
METHOD VARIANCE
FIT INDEXES
dark side
MINDFULNESS
behaviors
threats
COMMITMENT
deterrence
摘要:
Employees' precautionary security behaviors are vital to the effective protection of organizations from cybersecurity threats. Despite substantial security training efforts, employees frequently do not take security precautions. This study draws from trust theory and mindfulness theory to investigate how the bright- and dark-side effects of two conceptualizations of trust in organizational information security impact employees' precaution taking. Insights drawn from a survey of 380 organizational employees suggest that employees who trust their organization's security practices are more committed and less complacent in protecting their organization and more likely to take security precautions. In contrast, we find evidence of the dark-side effect of employees' trust in organizational protective structures by showing that such trust can lead to complacency regarding security. Analyses indicate that security mindfulness mediates the influence of security complacency and security commitment on precaution taking. These results highlight the crucial roles of security commitment, security complacency, and security mindfulness in shaping employees' precaution taking. This study contributes to information security research by providing empirical evidence concerning the simultaneous bright- and dark-side effects of employees' trust in organizational information security, thereby creating valuable opportunities for researchers to theorize about the ways in which trusting beliefs shape employees' security behaviors.
来源URL: