Shall We Follow? Impact of Reputation Concern on Information Security Managers’ Investment Decisions
Shao, X., Siponen, M., & Liu, F. (2020). Shall We Follow? Impact of Reputation Concern on Information Security Managers’ Investment Decisions. Computers and Security, 97, Article 101961. https://doi.org/10.1016/j.cose.2020.101961
Published in
Computers and SecurityDate
2020Copyright
© 2020 Elsevier Ltd. All rights reserved.
Information security (infosec) is important for organizations. While budgeting for infosec is a crucial resource allocation decision, infosec managers may choose to follow other fellow experts’ recommendations or baseline practices. The present paper uses reputational herding theory to explain the decision made by infosec managers to use a “let's follow others” strategy in this context. Based on a sample of 106 organizations in Finland, we find that infosec managers’ ability to accurately predict the benefit of infosec investment, as well as their reputations, have significant effects on motivating them to discount their own information. Infosec managers’ discounting of their own information, together with the strength of information that relates to infosec investment and mandatory requirements, motivates infosec investment. Our empirical results highlight the “let's follow others” strategy as an important alternative to cost–benefit analysis in terms of budgeting for infosec investment.
...
Publisher
Elsevier BVISSN Search the Publication Forum
0167-4048Keywords
Publication in research information system
https://converis.jyu.fi/converis/portal/detail/Publication/41655516
Metadata
Show full item recordCollections
Additional information about funding
This work was supported by Zhishan Youth Scholar Program of Southeast University, Jiangsu Specially-Appointed Professor Program (No. 3051107219003), and National Social Science Foundation of China (No. 6614000050).License
Related items
Showing items with similar title or keywords.
-
To Calculate or To Follow Others : How Do Information Security Managers Make Investment Decisions?
Shao, Xiuyan; Siponen, Mikko; Pahnila, Seppo (University of Hawai'i at Manoa, 2019)Economic models of information security investment suggest estimating cost and benefit to make an information security investment decision. However, the intangible nature of information security investment prevents ... -
Investigating the Impact of Organizational Culture on Information Security Policy Compliance : The Case of Ethiopia
Ejigu, Kibrom Tadesse; Siponen, Mikko; Arage, Tilahun Muluneh (Association for Information Systems, 2021)Information security is one of the organizations' top agendas worldwide. Similarly, there is a growing trend in the kinds and rate of security breaches. Information security experts and scholars concentrate on outsiders' ... -
Organisational GDPR Investments and Impacts
Hirvonen, Pauliina (Academic Conferences International, 2023)The aim of this empirical multi-case study is to understand the GDPR investments and impacts of the organisations. Among these, the measuring experiences related to GDPR and information security (Isec), and the future ... -
The moderating impact of organizational culture on information security compliance
Ejigu, Kibrom; Siponen, Mikko; Muluneh, Tilahun (Addis Ababa University Press, 2023)This research paper investigates the association between organizational culture and employees' compliance with information security policies. Drawing upon rational choice theory (RCT) and the competing values framework ... -
Effects of Sanctions, Moral Beliefs, and Neutralization on Information Security Policy Violations Across Cultures
Vance, Anthony; Boyer Fellow, Selvoy J.; Siponen, Mikko T.; Straub, Detmar W. (Elsevier, 2020)A principal concern of organizations is the failure of employees to comply with information security policies (ISPs). Deterrence theory is one of the most frequently used theories for examining ISP violations, yet studies ...