Malte Greulich, Sebastian Lins, Daniel Pienta, Jason Bennett Thatcher, Ali Sunyaev
{"title":"Exploring Contrasting Effects of Trust in Organizational Security Practices and Protective Structures on Employees’ Security-Related Precaution Taking","authors":"Malte Greulich, Sebastian Lins, Daniel Pienta, Jason Bennett Thatcher, Ali Sunyaev","doi":"10.1287/isre.2021.0528","DOIUrl":null,"url":null,"abstract":"Encouraging employees to take security precautions is a vital strategy that organizations can use to reduce their vulnerability to information security (ISec) threats. This study investigates how the bright- and dark-side effects of trust in organizational information security impact employees’ intention to take security precautions. Employees who trust organizational security practices are more committed to protecting the organization and are more willing to take security precautions. To foster trust in organizational security practices and security commitment, ISec managers should establish a trusting security climate to ensure that employees can speak freely about the security problems they face in their work and receive support to resolve those problems if needed. This study also alerts managers to the potential adverse consequences of employees’ trust in the organization’s protective structures. We find that employees’ trust in the organization’s protective structures can backfire, making employees complacent regarding security. Further analyses indicate that security mindfulness mediates the influence of security complacency and security commitment on precaution taking. This study contributes by exploring and verifying the bright- and dark-side effects of trust in organizational ISec.","PeriodicalId":48411,"journal":{"name":"Information Systems Research","volume":null,"pages":null},"PeriodicalIF":5.0000,"publicationDate":"2024-01-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Systems Research","FirstCategoryId":"91","ListUrlMain":"https://doi.org/10.1287/isre.2021.0528","RegionNum":3,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"INFORMATION SCIENCE & LIBRARY SCIENCE","Score":null,"Total":0}
引用次数: 0
Abstract
Encouraging employees to take security precautions is a vital strategy that organizations can use to reduce their vulnerability to information security (ISec) threats. This study investigates how the bright- and dark-side effects of trust in organizational information security impact employees’ intention to take security precautions. Employees who trust organizational security practices are more committed to protecting the organization and are more willing to take security precautions. To foster trust in organizational security practices and security commitment, ISec managers should establish a trusting security climate to ensure that employees can speak freely about the security problems they face in their work and receive support to resolve those problems if needed. This study also alerts managers to the potential adverse consequences of employees’ trust in the organization’s protective structures. We find that employees’ trust in the organization’s protective structures can backfire, making employees complacent regarding security. Further analyses indicate that security mindfulness mediates the influence of security complacency and security commitment on precaution taking. This study contributes by exploring and verifying the bright- and dark-side effects of trust in organizational ISec.
期刊介绍:
ISR (Information Systems Research) is a journal of INFORMS, the Institute for Operations Research and the Management Sciences. Information Systems Research is a leading international journal of theory, research, and intellectual development, focused on information systems in organizations, institutions, the economy, and society.