Authors
- Malte Greulich
(Institute of Applied Informatics and Formal Description Methods, Department of Economics and Management, Karlsruhe Institute of Technology, 76049 Karlsruhe, Germany)
- Sebastian Lins
(Institute of Applied Informatics and Formal Description Methods, Department of Economics and Management, Karlsruhe Institute of Technology, 76049 Karlsruhe, Germany)
- Daniel Pienta
(Department of Accounting and Information Management, University of Tennessee, Knoxville, Tennessee 37996)
- Jason Bennett Thatcher
(Leeds School of Business, University of Colorado Boulder, Boulder, Colorado 80309; Alliance Manchester Business School, University of Manchester, Manchester M15 6PB, United Kingdom)
- Ali Sunyaev
(Institute of Applied Informatics and Formal Description Methods, Department of Economics and Management, Karlsruhe Institute of Technology, 76049 Karlsruhe, Germany; KASTEL Security Research Labs, 76049 Karlsruhe, Germany)
Abstract
Employees’ precautionary security behaviors are vital to the effective protection of organizations from cybersecurity threats. Despite substantial security training efforts, employees frequently do not take security precautions. This study draws from trust theory and mindfulness theory to investigate how the bright- and dark-side effects of two conceptualizations of trust in organizational information security impact employees’ precaution taking. Insights drawn from a survey of 380 organizational employees suggest that employees who trust their organization’s security practices are more committed and less complacent in protecting their organization and more likely to take security precautions. In contrast, we find evidence of the dark-side effect of employees’ trust in organizational protective structures by showing that such trust can lead to complacency regarding security. Analyses indicate that security mindfulness mediates the influence of security complacency and security commitment on precaution taking. These results highlight the crucial roles of security commitment, security complacency, and security mindfulness in shaping employees’ precaution taking. This study contributes to information security research by providing empirical evidence concerning the simultaneous bright- and dark-side effects of employees’ trust in organizational information security, thereby creating valuable opportunities for researchers to theorize about the ways in which trusting beliefs shape employees’ security behaviors.
Suggested Citation
Malte Greulich & Sebastian Lins & Daniel Pienta & Jason Bennett Thatcher & Ali Sunyaev, 2024.
"Exploring Contrasting Effects of Trust in Organizational Security Practices and Protective Structures on Employees’ Security-Related Precaution Taking,"
Information Systems Research, INFORMS, vol. 35(4), pages 1586-1608, December.
Handle:
RePEc:inm:orisre:v:35:y:2024:i:4:p:1586-1608
DOI: 10.1287/isre.2021.0528