Speak their Language: Designing Effective Messages to Improve Employees’ Information Security Decision Making
Johnston, A. C., Warkentin, M., Dennis, A. R., & Siponen, M. (2019). Speak their Language: Designing Effective Messages to Improve Employees’ Information Security Decision Making. Decision Sciences, 50(2), 245-284. https://doi.org/10.1111/deci.12328
Published in: Decision Sciences
© 2018 Decision Sciences Institute.
Employee disinterest in information security remains one of the greatest impediments to effective information security management programs. How can organizations enhance the persuasiveness of the information security messages used to warn employees of threats and encourage employees to take specific actions to improve their security? We use fear appeal theory and the elaboration likelihood model to argue that security messages presented using more personally relevant language are more likely to induce employees to engage in the recommended protective security behaviors. Our strategy uses organization identification theory to segment employees into two groups and then develops security messages that use language aligned with each of the two segments. We tested this strategy within a large U.S. organization, and found that employees were more likely to consider and act upon messages that used language aligned with their organizational identification than messages using language not aligned. The effect size was large. Our results show that subtly changing less than a dozen words in the way a security message was presented without changing its substantive content (e.g., using “our” instead of “your”) has both significant and meaningful effects on how employees think about and respond to it. ...
Publisher: Wiley; Decision Sciences Institute