IDEAS home Printed from https://ideas.repec.org/p/dar/wpaper/102853.html
   My bibliography  Save this paper

IT Security in the Age of Digitalization – Toward an Understanding of Risk Perceptions and Protective Behaviors of Private Individuals and Managers in Organizations

Author

Listed:
  • Sonnenschein, Katja Rabea

Abstract

Nowadays, information technology (IT) has become an integral part of our everyday life. In both the private and business context, we extensively use different IT systems for data production, data organization, data analysis, and communication with others. Due to the extensive usage of IT, the amount of digitalized personal and organizational information is rapidly and incessantly rising — making both private individuals and organizations attractive targets for attackers. The necessity to effectively protect sensitive data from IT security incidents is highly discussed in practice and research, it attracts high media attention, and our society should be actually aware of the importance of IT security in today’s digital world. However, recent reports demonstrate that organizations as well as private individuals — even though they are afraid of the rapid evolution of IT security risks — still often refrain from adopting the necessary IT security safeguards. To better prepare our society for the ongoing risks arising from extensive IT usage, a better understanding of how IT security is perceived by private individuals and managers is required. Motivated by the findings and theoretical underpinnings from previous research, this thesis addresses several research questions with respect to IT security perceptions and behaviors of private individuals and managers in organizations. By conducting four studies — one among private individuals and three among managers in organizations — the thesis not only contributes to the current research but also provides useful recommendations for practice. Suppliers of IT and IT security products as well as managers in customer organizations can especially learn from the findings of the studies. First, research paper A is focused on the private context and analyzes the gender differences in mobile users’ IT security perceptions and protective behaviors. Drawing on Gender Schema Theory and Protection Motivation Theory, a mixed-method study (survey, experiment, and interviews) under laboratory conditions is conducted. The results show that IT security perceptions of females and males are based on different downstream beliefs and indicate that females are more likely to translate their intention to take precautionary actions into actual behavior than males. The studies presented in research papers B, C, and D are conducted within the business context and focus on the IT security perceptions and behaviors of managers in organizations. Research paper B analyzes top managers’ IT security awareness. Since previous research predominantly investigated IT security awareness at the employee level, a comprehensive conceptualization of IT security awareness at the management level is currently missing. To address this research gap, a structured literature review and expert interviews are performed in order to develop and test a comprehensive conceptualization — including both individual and organizational factors — of top managers’ IT security awareness. Within research paper C, managers’ willingness to pay for IT security is in the focus of the investigation. Previous research largely neglected that various IT security safeguards might be differently evaluated by organizations, for example, due to different IT security requirements. By drawing on Kano’s Theory, the study takes into account that — depending on the organization’s individual IT security requirements — the implementation of IT security safeguards can also be associated with disadvantages. Based on interviews and an empirical study among managers, the study reveals that IT security safeguards are differently evaluated and that these different evaluations are associated with different levels of managers’ willingness to pay. Finally, research paper D analyzes managers’ Status Quo-Thinking in risk perception. Based on Prospect Theory, Status Quo Bias research, and an empirical study among managers, the findings indicate that managers’ risk evaluations and decisions to adopt new technologies are highly dependent on their assessments of the systems currently used in the organization. Moreover, the results implicate that the impact of Status Quo-Thinking on managers’ risk assessments and intentions to adopt new technologies is stronger the less experienced a manager is with a new technology, probably resulting in an incorrect risk assessment and inappropriate adoption behavior. Implications for research and practice are discussed in more detail within each research paper and summarized in the final chapter of the thesis.

Suggested Citation

  • Sonnenschein, Katja Rabea, 2018. "IT Security in the Age of Digitalization – Toward an Understanding of Risk Perceptions and Protective Behaviors of Private Individuals and Managers in Organizations," Publications of Darmstadt Technical University, Institute for Business Studies (BWL) 102853, Darmstadt Technical University, Department of Business Administration, Economics and Law, Institute for Business Studies (BWL).
  • Handle: RePEc:dar:wpaper:102853
    Note: for complete metadata visit http://tubiblio.ulb.tu-darmstadt.de/102853/
    as

    Download full text from publisher

    File URL: http://tuprints.ulb.tu-darmstadt.de/7303
    Download Restriction: no
    ---><---

    More about this item

    NEP fields

    This paper has been announced in the following NEP Reports:

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:dar:wpaper:102853. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Dekanatssekretariat (email available below). General contact details of provider: https://edirc.repec.org/data/ivthdde.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.