Are we predisposed to behave securely? Influence of risk disposition on individual security behaviors

Merrill Warkentin, Sanjay Goel, Kevin J. Williams, Karen Renaud

Research output: Chapter in Book/Report/Conference proceedingConference contribution

17 Downloads (Pure)

Abstract

Employees continue to be the weak link in organizational security management and efforts to improve the security of employee behaviors have not been as effective as hoped. Researchers contend that security-related decision making is primarily based on risk perception. There is also a belief that, if changed, this could improve security-related compliance. The extant research has primarily focused on applying theories that assume rational decision making e.g. protection motivation and deterrence theories. This work presumes we can influence employees towards compliance with information security policies and by means of fear appeals and threatened sanctions. However, it is now becoming clear that security-related decision making is complex and nuanced, not a simple carrot- and stick-related situation. Dispositional and situational factors interact and interplay to influence security decisions. In this paper, we present a model that positions psychological disposition of individuals in terms of risk tolerance vs. risk aversion and proposes research to explore how this factor influences security behaviors. We propose a model that acknowledges the impact of employees' individual dispositional risk propensity as well as their situational risk perceptions on security-related decisions. It is crucial to understand this decision-making phenomenon as a foundation for designing effective interventions to reduce such risk taking. We conclude by offering suggestions for further research.

Original languageEnglish
Title of host publicationECIS 2018 Proceedings
PublisherAssociation for Information Systems
Number of pages10
ISBN (Electronic)9781861376671
Publication statusPublished - 29 Nov 2018
Event26th European Conference on Information Systems, ECIS 2018 - Portsmouth, United Kingdom
Duration: 23 Jun 201828 Jun 2018

Conference

Conference26th European Conference on Information Systems, ECIS 2018
CountryUnited Kingdom
CityPortsmouth
Period23/06/1828/06/18

Fingerprint

Disposition
Decision making
Employees
Risk perception
Security management
Situational factors
Influence factors
Risk propensity
Deterrence
Information security
Fear appeals
Risk taking
Employee behaviour
Sanctions
Security policy
Risk tolerance
Weak links
Risk aversion
Individual risk
Psychological

Cite this

Warkentin, M., Goel, S., Williams, K. J., & Renaud, K. (2018). Are we predisposed to behave securely? Influence of risk disposition on individual security behaviors. In ECIS 2018 Proceedings [25] Association for Information Systems.
Warkentin, Merrill ; Goel, Sanjay ; Williams, Kevin J. ; Renaud, Karen. / Are we predisposed to behave securely? Influence of risk disposition on individual security behaviors. ECIS 2018 Proceedings. Association for Information Systems, 2018.
@inproceedings{21879ef2a8f242c9ad3e22f1a2931148,
title = "Are we predisposed to behave securely? Influence of risk disposition on individual security behaviors",
abstract = "Employees continue to be the weak link in organizational security management and efforts to improve the security of employee behaviors have not been as effective as hoped. Researchers contend that security-related decision making is primarily based on risk perception. There is also a belief that, if changed, this could improve security-related compliance. The extant research has primarily focused on applying theories that assume rational decision making e.g. protection motivation and deterrence theories. This work presumes we can influence employees towards compliance with information security policies and by means of fear appeals and threatened sanctions. However, it is now becoming clear that security-related decision making is complex and nuanced, not a simple carrot- and stick-related situation. Dispositional and situational factors interact and interplay to influence security decisions. In this paper, we present a model that positions psychological disposition of individuals in terms of risk tolerance vs. risk aversion and proposes research to explore how this factor influences security behaviors. We propose a model that acknowledges the impact of employees' individual dispositional risk propensity as well as their situational risk perceptions on security-related decisions. It is crucial to understand this decision-making phenomenon as a foundation for designing effective interventions to reduce such risk taking. We conclude by offering suggestions for further research.",
author = "Merrill Warkentin and Sanjay Goel and Williams, {Kevin J.} and Karen Renaud",
year = "2018",
month = "11",
day = "29",
language = "English",
booktitle = "ECIS 2018 Proceedings",
publisher = "Association for Information Systems",
address = "United States",

}

Warkentin, M, Goel, S, Williams, KJ & Renaud, K 2018, Are we predisposed to behave securely? Influence of risk disposition on individual security behaviors. in ECIS 2018 Proceedings., 25, Association for Information Systems, 26th European Conference on Information Systems, ECIS 2018, Portsmouth, United Kingdom, 23/06/18.

Are we predisposed to behave securely? Influence of risk disposition on individual security behaviors. / Warkentin, Merrill; Goel, Sanjay; Williams, Kevin J.; Renaud, Karen.

ECIS 2018 Proceedings. Association for Information Systems, 2018. 25.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - Are we predisposed to behave securely? Influence of risk disposition on individual security behaviors

AU - Warkentin, Merrill

AU - Goel, Sanjay

AU - Williams, Kevin J.

AU - Renaud, Karen

PY - 2018/11/29

Y1 - 2018/11/29

N2 - Employees continue to be the weak link in organizational security management and efforts to improve the security of employee behaviors have not been as effective as hoped. Researchers contend that security-related decision making is primarily based on risk perception. There is also a belief that, if changed, this could improve security-related compliance. The extant research has primarily focused on applying theories that assume rational decision making e.g. protection motivation and deterrence theories. This work presumes we can influence employees towards compliance with information security policies and by means of fear appeals and threatened sanctions. However, it is now becoming clear that security-related decision making is complex and nuanced, not a simple carrot- and stick-related situation. Dispositional and situational factors interact and interplay to influence security decisions. In this paper, we present a model that positions psychological disposition of individuals in terms of risk tolerance vs. risk aversion and proposes research to explore how this factor influences security behaviors. We propose a model that acknowledges the impact of employees' individual dispositional risk propensity as well as their situational risk perceptions on security-related decisions. It is crucial to understand this decision-making phenomenon as a foundation for designing effective interventions to reduce such risk taking. We conclude by offering suggestions for further research.

AB - Employees continue to be the weak link in organizational security management and efforts to improve the security of employee behaviors have not been as effective as hoped. Researchers contend that security-related decision making is primarily based on risk perception. There is also a belief that, if changed, this could improve security-related compliance. The extant research has primarily focused on applying theories that assume rational decision making e.g. protection motivation and deterrence theories. This work presumes we can influence employees towards compliance with information security policies and by means of fear appeals and threatened sanctions. However, it is now becoming clear that security-related decision making is complex and nuanced, not a simple carrot- and stick-related situation. Dispositional and situational factors interact and interplay to influence security decisions. In this paper, we present a model that positions psychological disposition of individuals in terms of risk tolerance vs. risk aversion and proposes research to explore how this factor influences security behaviors. We propose a model that acknowledges the impact of employees' individual dispositional risk propensity as well as their situational risk perceptions on security-related decisions. It is crucial to understand this decision-making phenomenon as a foundation for designing effective interventions to reduce such risk taking. We conclude by offering suggestions for further research.

M3 - Conference contribution

BT - ECIS 2018 Proceedings

PB - Association for Information Systems

ER -

Warkentin M, Goel S, Williams KJ, Renaud K. Are we predisposed to behave securely? Influence of risk disposition on individual security behaviors. In ECIS 2018 Proceedings. Association for Information Systems. 2018. 25