IDEAS home Printed from https://ideas.repec.org/a/spr/infosf/vyid10.1007_s10796-019-09927-9.html
   My bibliography  Save this article

A Cross Industry Study of Institutional Pressures on Organizational Effort to Raise Information Security Awareness

Author

Listed:
  • Hwee-Joo Kam

    (University of Tampa)

  • Thomas Mattson

    (University of Richmond)

  • Sanjay Goel

    (University at Albany, SUNY)

Abstract

In this paper, we conceptually and empirically investigate the relationship between industry and information security awareness (ISA). Different industries have unique security related norms, rules, and values, which we propose promotes different levels of organizational effort to raise their employees’ general ISA. To examine these potential industry effects, we draw on Neo-Institutional Theory (NIT) because different industries operate in unique institutional environments. We specifically theorize that the pressures from the three institutional pillars (regulative, normative, and cultural-cognitive) will affect employees across all industries but the magnitude of those effects will vary across industries, because different industries have institutionalized security practices in unique ways. To evaluate our theorized relationships empirically, we surveyed employees in the banking, healthcare, retail, and higher education industries. We found that our subjects’ perceptions of the pressures from the three institutional pillars positively affected their perceptions of how much effort their organizations exerted to raise their general ISA. However, we also found that these effects were not consistent across our surveyed employees in the different industries, especially related to the direct and moderating effect of perceived normative institutional pressures. The implication of our paper is that future behavioral information security research should consider how industry and their corresponding institutional structures might affect (positively or negatively) the relationships in our core theoretical models.

Suggested Citation

  • Hwee-Joo Kam & Thomas Mattson & Sanjay Goel, 0. "A Cross Industry Study of Institutional Pressures on Organizational Effort to Raise Information Security Awareness," Information Systems Frontiers, Springer, vol. 0, pages 1-24.
    • Handle: RePEc:spr:infosf:v::y::i::d:10.1007_s10796-019-09927-9
    DOI: 10.1007/s10796-019-09927-9
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1007/s10796-019-09927-9
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.
    File URL: https://libkey.io/10.1007/s10796-019-09927-9?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Durand, Rodolphe & Thornton, Patricia, 2018. "Categorizing Institutional Logics, Institutionalizing Categories: A Review of Two Literatures," HEC Research Papers Series 1276, HEC Paris, revised 30 May 2018.
    2. Kuo-chung Chang & Chih-ping Wang, 2011. "Information systems resources and information security," Information Systems Frontiers, Springer, vol. 13(4), pages 579-593, September.
    3. John Leslie King & Vijay Gurbaxani & Kenneth L. Kraemer & F. Warren McFarlan & K. S. Raman & C. S. Yap, 1994. "Institutional Factors in Information Technology Innovation," Information Systems Research, INFORMS, vol. 5(2), pages 139-169, June.
    4. A. J. Burns & Clay Posey & James F. Courtney & Tom L. Roberts & Prabhashi Nanayakkara, 0. "Organizational information security as a complex adaptive system: insights from three agent-based models," Information Systems Frontiers, Springer, vol. 0, pages 1-16.
    5. Mark Chan & Irene Woon & Atreyi Kankanhalli, 2005. "Perceptions of Information Security in the Workplace: Linking Information Security Climate to Compliant Behavior," Journal of Information Privacy and Security, Taylor & Francis Journals, vol. 1(3), pages 18-41, July.
    6. Elizabeth A. Alexander, 2012. "The Effects of Legal, Normative, and Cultural-Cognitive Institutions on Innovation in Technology Alliances," Management International Review, Springer, vol. 52(6), pages 791-815, December.
    7. Ofer Zwikael & Mark Ahn, 2011. "The Effectiveness of Risk Management: An Analysis of Project Risk Planning Across Industries and Countries," Risk Analysis, John Wiley & Sons, vol. 31(1), pages 25-37, January.
    8. Suddaby, Roy & Gendron, Yves & Lam, Helen, 2009. "The organizational context of professionalism in accounting," Accounting, Organizations and Society, Elsevier, vol. 34(3-4), pages 409-427, April.
    9. John D'Arcy & Anat Hovav & Dennis Galletta, 2009. "User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach," Information Systems Research, INFORMS, vol. 20(1), pages 79-98, March.
    10. A. J. Burns & Clay Posey & James F. Courtney & Tom L. Roberts & Prabhashi Nanayakkara, 2017. "Organizational information security as a complex adaptive system: insights from three agent-based models," Information Systems Frontiers, Springer, vol. 19(3), pages 509-524, June.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Margareta Heidt & Jin P. Gerlach & Peter Buxmann, 2019. "Investigating the Security Divide between SME and Large Companies: How SME Characteristics Influence Organizational IT Security Investments," Information Systems Frontiers, Springer, vol. 21(6), pages 1285-1305, December.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Hwee-Joo Kam & Thomas Mattson & Sanjay Goel, 2020. "A Cross Industry Study of Institutional Pressures on Organizational Effort to Raise Information Security Awareness," Information Systems Frontiers, Springer, vol. 22(5), pages 1241-1264, October.
    2. A. J. Burns & Clay Posey & Tom L. Roberts, 2021. "Insiders’ Adaptations to Security-Based Demands in the Workplace: An Examination of Security Behavioral Complexity," Information Systems Frontiers, Springer, vol. 23(2), pages 343-360, April.
    3. Eunkyung Kweon & Hansol Lee & Sangmi Chai & Kyeongwon Yoo, 2021. "The Utility of Information Security Training and Education on Cybersecurity Incidents: An empirical evidence," Information Systems Frontiers, Springer, vol. 23(2), pages 361-373, April.
    4. Chang-Gyu Yang & Hee-Jun Lee, 2016. "A study on the antecedents of healthcare information protection intention," Information Systems Frontiers, Springer, vol. 18(2), pages 253-263, April.
    5. Robert E. Crossler & France Bélanger & Dustin Ormond, 2019. "The quest for complete security: An empirical analysis of users’ multi-layered protection from security threats," Information Systems Frontiers, Springer, vol. 21(2), pages 343-357, April.
    6. Jeffrey D. Wall & Prashant Palvia & John D’Arcy, 2022. "Theorizing the Behavioral Effects of Control Complementarity in Security Control Portfolios," Information Systems Frontiers, Springer, vol. 24(2), pages 637-658, April.
    7. Jack Shih-Chieh Hsu & Sheng-Pao Shih & Yu Wen Hung & Paul Benjamin Lowry, 2015. "The Role of Extra-Role Behaviors and Social Controls in Information Security Policy Effectiveness," Information Systems Research, INFORMS, vol. 26(2), pages 282-300, June.
    8. Murilo Catussi Almeida & Adilson Carlos Yoshikuni & Rajeev Dwivedi & Cláudio Luís Carvalho Larieira, 2022. "Do Leadership Styles Influence Employee Information Systems Security Intention? A Study of the Banking Industry," Global Journal of Flexible Systems Management, Springer;Global Institute of Flexible Systems Management, vol. 23(4), pages 535-550, December.
    9. Donna Bobek & Amy Hageman & Robin Radtke, 2015. "The Influence of Roles and Organizational Fit on Accounting Professionals’ Perceptions of their Firms’ Ethical Environment," Journal of Business Ethics, Springer, vol. 126(1), pages 125-141, January.
    10. Kumju Hwang & Hyemi Um, 2021. "Social Controls and Bonds of Public Information Consumer on Sustainable Utilization and Provision for Computing," Sustainability, MDPI, vol. 13(9), pages 1-20, May.
    11. Szukits, Ágnes, 2019. "Controllers’ profession in contemporary organisations – Evidence from Hungary," Journal of East European Management Studies, Nomos Verlagsgesellschaft mbH & Co. KG, vol. 24(1), pages 8-31.
    12. Jae Kyu Lee & Younghoon Chang & Hun Yeong Kwon & Beopyeon Kim, 2020. "Reconciliation of Privacy with Preventive Cybersecurity: The Bright Internet Approach," Information Systems Frontiers, Springer, vol. 22(1), pages 45-57, February.
    13. Jun Wen & Hadi Hussain & Renai Jiang & Junaid Waheed, 2023. "Overcoming the Digital Divide With ICT Diffusion: Multivariate and Spatial Analysis at China’s Provincial Level," SAGE Open, , vol. 13(1), pages 21582440231, March.
    14. AnnMarie Bennett & Breda Murphy, 2017. "The Tax Profession: Tax Avoidance and the Public Interest," Economics Department Working Paper Series n286-17.pdf, Department of Economics, National University of Ireland - Maynooth.
    15. Alsaad, Abdallah & Taamneh, Abdallah, 2019. "The effect of international pressures on the cross-national diffusion of business-to-business e-commerce," Technology in Society, Elsevier, vol. 59(C).
    16. Cheung, Zeerim & Aalto, Eero & Nevalainen, Pasi, 2020. "Institutional Logics and the Internationalization of a State-Owned Enterprise: Evaluation of International Venture Opportunities by Telecom Finland 1987–1998," Journal of World Business, Elsevier, vol. 55(6).
    17. Hameeda A. AlMalki & Christopher M. Durugbo, 2023. "Systematic review of institutional innovation literature: towards a multi-level management model," Management Review Quarterly, Springer, vol. 73(2), pages 731-785, June.
    18. Eric Jardine, 2020. "The Case against Commercial Antivirus Software: Risk Homeostasis and Information Problems in Cybersecurity," Risk Analysis, John Wiley & Sons, vol. 40(8), pages 1571-1588, August.
    19. Daoust, Laurence, 2020. "Playing the Big Four recruitment game: The tension between illusio and reflexivity," CRITICAL PERSPECTIVES ON ACCOUNTING, Elsevier, vol. 66(C).
    20. Silva, Leiser & Hsu, Carol & Backhouse, James & McDonnell, Aidan, 2016. "Resistance and power in a security certification scheme: the case of c:cure," LSE Research Online Documents on Economics 68348, London School of Economics and Political Science, LSE Library.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:spr:infosf:v::y::i::d:10.1007_s10796-019-09927-9. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.springer.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.