Author
Abstract
Digital transformation has established itself as an omnipresent term in the new millennium. Often considered synonymous with the so-called Fourth Industrial Revolution, the term describes the convergence of information technology and the ubiquity of data in private life as well as in business and social lives. Inherent to the term "revolution" is radical change and the upheaval of existing processes and relationships. Translated into a business context, revolution leads to the transformation of business models and established work processes as well as the increasing dependence on data and new technologies. In times of digital transformation, managers and organizational decision-makers are faced with constant, potentially business-critical, decisions regarding these new technologies and the maintenance of information and data security. The analysis of management decisions, therefore, plays a crucial role in comprehending and researching digital transformation. This dissertation, therefore, seeks to improve our understanding of decision-making processes regarding the adoption of cloud computing solutions and data protection measures as well as investments in information technology (IT) security in primarily small and medium-sized enterprises. Article A examines the influence of status quo bias and reference dependency in the decision to adopt cloud computing solutions. Based on the tenets of prospect theory, findings suggest that rather inexperienced decision-makers are taking their evaluation of the existing technology more into account when assessing a cloud-based replacement technology. As a consequence, status quo thinking leads to a more negative assessment of the new technology, which hinders its potentially beneficial introduction to the organizational IT service architecture. Article B investigates decision-making processes related to end-user data protection measures and the impact of psychological ownership on the motivation to protect data. In a questionnaire study and based on the protection motivation theory, the influence of psychological ownership on the decision-making behavior of individuals in both private and work contexts is analyzed. The results demonstrate that psychological ownership exerts a stronger impact on the protection motivation of participants in a private context. The analysis further indicates that employees partly relinquish their responsibility regarding security responses to protect data in their work context. Fostering feelings of psychological ownership could possibly counteract such detrimental effects and improve the adoption of data protection measures in a work context. In Article C, the previously demonstrated cognitive and behavioral aspects of decision-making are contextualized into a holistic conceptual framework. Based on a comprehensive literature analysis and an interview study, this study finds that decisions regarding IT security in companies are influenced by organizational, economic, environmental, cognitive, and behavioral aspects. The literature analysis further demonstrates that existing research still emphasizes economic aspects based on the assumption of purely rational decision-makers. Studies that shed light on IT security decisions from a behavioral, environmental or organizational perspective are significantly less frequent, although the analysis of the expert interviews emphasizes the influence of these aspects. Article D validates that decision-makers in companies are influenced by a variety of aspects when making investment decisions in IT security. The studies of both Article D and Article E aim at decision-makers from small and medium-sized enterprises (SMEs), since an in-depth literature review of existing research in the area of organizational IT security indicates that organizational IT security in SMEs has been largely neglected. The analysis of expert interviews conducted with SME decision-makers, however, indicates that implications of existing research can be transferred only to a limited extent due to unique constraints and their influence on decisions in the SME context. The studies, therefore, investigate and validate the impact of these SME-specific constraints regarding IT security decisions. The findings imply that invest-ment decisions with regard to organizational IT security are strongly influenced by SME-specific characteristics such as insufficient IT budget planning, undocumented processes, or multiple roles due to lack of resources. Consequently, this dissertation provides valuable insights for both practice and research regarding typical and frequent decision-making processes in the context of digital transformation. In particular, this study examines the influence of biases and non-rational aspects in the decision-making process regarding new technologies or measures to ensure their security as well as the effects of SME-specific constraints demonstrate and emphasizes the need for further behavioral research in technology adoption and IT security.
Suggested Citation
Heidt, Margareta, 2021.
"Digital Transformation and IT Security Issues - Analyzing Organizational Decision-Making Processes through a Behavioral Lens,"
Publications of Darmstadt Technical University, Institute for Business Studies (BWL)
127806, Darmstadt Technical University, Department of Business Administration, Economics and Law, Institute for Business Studies (BWL).
Handle:
RePEc:dar:wpaper:127806
Note: for complete metadata visit http://tubiblio.ulb.tu-darmstadt.de/127806/
Download full text from publisher
Corrections
All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:dar:wpaper:127806. See general information about how to correct material in RePEc.
If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.
We have no bibliographic references for this item. You can help adding them by using this form .
If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.
For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Dekanatssekretariat (email available below). General contact details of provider: https://edirc.repec.org/data/ivthdde.html .
Please note that corrections may take a couple of weeks to filter through
the various RePEc services.