Are we predisposed to behave securely? Influence of risk disposition on individual security behaviours

Merrill Warkentin, Sanjay Goel, Kevin J. Williams, Karen Renaud

Research output: Contribution to conferencePoster

Abstract

Employees continue to be the weak link in organizational security management and efforts to improve the security of employee behaviors have not been as effective as hoped. Researchers contend that security-related decision making is primarily based on risk perception. There is also a belief that, if changed, this could improve security-related compliance. The extant re-search has primarily focused on applying theories that assume rational decision making e.g. protection motivation and deterrence theories. This work presumes we can influence employees towards compliance with information security policies and by means of fear appeals and threat-ened sanctions. However, it is now becoming clear that security-related decision making is complex and nuanced, not a simple carrot- and stick-related situation. Dispositional and situa-tional factors interact and interplay to influence security decisions. In this paper, we present a model that positions psychological disposition of individuals in terms of risk tolerance vs. risk aversion and proposes research to explore how this factor influences security behaviors. We propose a model that acknowledges the impact of employees’ individual dispositional risk pro-pensity as well as their situational risk perceptions on their security-related decisions. It is cru-cial to understand this decision-making phenomenon as a foundation for designing effective in-terventions to reduce such risk taking. We conclude by offering suggestions for further research.

Conference

ConferenceEuropean Conference on Information Systems 2018
Abbreviated titleECIS 2018
CountryUnited Kingdom
CityPortsmouth
Period23/06/1828/06/18
Internet address

Fingerprint

Disposition
Decision making
Employees
Risk perception
Security management
Influence factors
Factors
Deterrence
Fear appeals
Information security
Risk taking
Sanctions
Employee behaviour
Threat
Security policy
Risk aversion
Weak links
Risk tolerance
Individual risk
Psychological

Cite this

Warkentin, M., Goel, S., Williams, K. J., & Renaud, K. (2018). Are we predisposed to behave securely? Influence of risk disposition on individual security behaviours. 1. Poster session presented at European Conference on Information Systems 2018, Portsmouth, United Kingdom.
Warkentin, Merrill ; Goel, Sanjay ; Williams, Kevin J. ; Renaud, Karen. / Are we predisposed to behave securely? Influence of risk disposition on individual security behaviours. Poster session presented at European Conference on Information Systems 2018, Portsmouth, United Kingdom.
@conference{df47f317b8044e55bdb7db8587ba5640,
title = "Are we predisposed to behave securely? Influence of risk disposition on individual security behaviours",
abstract = "Employees continue to be the weak link in organizational security management and efforts to improve the security of employee behaviors have not been as effective as hoped. Researchers contend that security-related decision making is primarily based on risk perception. There is also a belief that, if changed, this could improve security-related compliance. The extant re-search has primarily focused on applying theories that assume rational decision making e.g. protection motivation and deterrence theories. This work presumes we can influence employees towards compliance with information security policies and by means of fear appeals and threat-ened sanctions. However, it is now becoming clear that security-related decision making is complex and nuanced, not a simple carrot- and stick-related situation. Dispositional and situa-tional factors interact and interplay to influence security decisions. In this paper, we present a model that positions psychological disposition of individuals in terms of risk tolerance vs. risk aversion and proposes research to explore how this factor influences security behaviors. We propose a model that acknowledges the impact of employees’ individual dispositional risk pro-pensity as well as their situational risk perceptions on their security-related decisions. It is cru-cial to understand this decision-making phenomenon as a foundation for designing effective in-terventions to reduce such risk taking. We conclude by offering suggestions for further research.",
author = "Merrill Warkentin and Sanjay Goel and Williams, {Kevin J.} and Karen Renaud",
year = "2018",
month = "6",
day = "28",
language = "English",
pages = "1",
note = "European Conference on Information Systems 2018 : Beyond digitization: facets of socio-technical change, ECIS 2018 ; Conference date: 23-06-2018 Through 28-06-2018",
url = "http://ecis2018.eu/",

}

Warkentin, M, Goel, S, Williams, KJ & Renaud, K 2018, 'Are we predisposed to behave securely? Influence of risk disposition on individual security behaviours' European Conference on Information Systems 2018, Portsmouth, United Kingdom, 23/06/18 - 28/06/18, pp. 1.

Are we predisposed to behave securely? Influence of risk disposition on individual security behaviours. / Warkentin, Merrill; Goel, Sanjay; Williams, Kevin J.; Renaud, Karen.

2018. 1 Poster session presented at European Conference on Information Systems 2018, Portsmouth, United Kingdom.

Research output: Contribution to conferencePoster

TY - CONF

T1 - Are we predisposed to behave securely? Influence of risk disposition on individual security behaviours

AU - Warkentin, Merrill

AU - Goel, Sanjay

AU - Williams, Kevin J.

AU - Renaud, Karen

PY - 2018/6/28

Y1 - 2018/6/28

N2 - Employees continue to be the weak link in organizational security management and efforts to improve the security of employee behaviors have not been as effective as hoped. Researchers contend that security-related decision making is primarily based on risk perception. There is also a belief that, if changed, this could improve security-related compliance. The extant re-search has primarily focused on applying theories that assume rational decision making e.g. protection motivation and deterrence theories. This work presumes we can influence employees towards compliance with information security policies and by means of fear appeals and threat-ened sanctions. However, it is now becoming clear that security-related decision making is complex and nuanced, not a simple carrot- and stick-related situation. Dispositional and situa-tional factors interact and interplay to influence security decisions. In this paper, we present a model that positions psychological disposition of individuals in terms of risk tolerance vs. risk aversion and proposes research to explore how this factor influences security behaviors. We propose a model that acknowledges the impact of employees’ individual dispositional risk pro-pensity as well as their situational risk perceptions on their security-related decisions. It is cru-cial to understand this decision-making phenomenon as a foundation for designing effective in-terventions to reduce such risk taking. We conclude by offering suggestions for further research.

AB - Employees continue to be the weak link in organizational security management and efforts to improve the security of employee behaviors have not been as effective as hoped. Researchers contend that security-related decision making is primarily based on risk perception. There is also a belief that, if changed, this could improve security-related compliance. The extant re-search has primarily focused on applying theories that assume rational decision making e.g. protection motivation and deterrence theories. This work presumes we can influence employees towards compliance with information security policies and by means of fear appeals and threat-ened sanctions. However, it is now becoming clear that security-related decision making is complex and nuanced, not a simple carrot- and stick-related situation. Dispositional and situa-tional factors interact and interplay to influence security decisions. In this paper, we present a model that positions psychological disposition of individuals in terms of risk tolerance vs. risk aversion and proposes research to explore how this factor influences security behaviors. We propose a model that acknowledges the impact of employees’ individual dispositional risk pro-pensity as well as their situational risk perceptions on their security-related decisions. It is cru-cial to understand this decision-making phenomenon as a foundation for designing effective in-terventions to reduce such risk taking. We conclude by offering suggestions for further research.

M3 - Poster

SP - 1

ER -

Warkentin M, Goel S, Williams KJ, Renaud K. Are we predisposed to behave securely? Influence of risk disposition on individual security behaviours. 2018. Poster session presented at European Conference on Information Systems 2018, Portsmouth, United Kingdom.