Exploring Contrasting Effects of Trust in Organizational Security Practices and Protective Structures on Employees’ Security-Related Precaution Taking

IF 5 3区管理学 Q1 INFORMATION SCIENCE & LIBRARY SCIENCE

Information Systems Research Pub Date : 2024-01-08 DOI:10.1287/isre.2021.0528

Malte Greulich, Sebastian Lins, Daniel Pienta, Jason Bennett Thatcher, Ali Sunyaev

{"title":"Exploring Contrasting Effects of Trust in Organizational Security Practices and Protective Structures on Employees’ Security-Related Precaution Taking","authors":"Malte Greulich, Sebastian Lins, Daniel Pienta, Jason Bennett Thatcher, Ali Sunyaev","doi":"10.1287/isre.2021.0528","DOIUrl":null,"url":null,"abstract":"Encouraging employees to take security precautions is a vital strategy that organizations can use to reduce their vulnerability to information security (ISec) threats. This study investigates how the bright- and dark-side effects of trust in organizational information security impact employees’ intention to take security precautions. Employees who trust organizational security practices are more committed to protecting the organization and are more willing to take security precautions. To foster trust in organizational security practices and security commitment, ISec managers should establish a trusting security climate to ensure that employees can speak freely about the security problems they face in their work and receive support to resolve those problems if needed. This study also alerts managers to the potential adverse consequences of employees’ trust in the organization’s protective structures. We find that employees’ trust in the organization’s protective structures can backfire, making employees complacent regarding security. Further analyses indicate that security mindfulness mediates the influence of security complacency and security commitment on precaution taking. This study contributes by exploring and verifying the bright- and dark-side effects of trust in organizational ISec.","PeriodicalId":48411,"journal":{"name":"Information Systems Research","volume":null,"pages":null},"PeriodicalIF":5.0000,"publicationDate":"2024-01-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Systems Research","FirstCategoryId":"91","ListUrlMain":"https://doi.org/10.1287/isre.2021.0528","RegionNum":3,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"INFORMATION SCIENCE & LIBRARY SCIENCE","Score":null,"Total":0}

引用次数: 0

Abstract

Encouraging employees to take security precautions is a vital strategy that organizations can use to reduce their vulnerability to information security (ISec) threats. This study investigates how the bright- and dark-side effects of trust in organizational information security impact employees’ intention to take security precautions. Employees who trust organizational security practices are more committed to protecting the organization and are more willing to take security precautions. To foster trust in organizational security practices and security commitment, ISec managers should establish a trusting security climate to ensure that employees can speak freely about the security problems they face in their work and receive support to resolve those problems if needed. This study also alerts managers to the potential adverse consequences of employees’ trust in the organization’s protective structures. We find that employees’ trust in the organization’s protective structures can backfire, making employees complacent regarding security. Further analyses indicate that security mindfulness mediates the influence of security complacency and security commitment on precaution taking. This study contributes by exploring and verifying the bright- and dark-side effects of trust in organizational ISec.

查看原文本刊更多论文

探索对组织安全措施和保护性结构的信任对员工采取安全防范措施的不同影响

鼓励员工采取安全防范措施是企业降低信息安全（ISec）威胁脆弱性的重要策略。本研究探讨了组织信息安全信任的明暗面效应如何影响员工采取安全防范措施的意愿。信任组织安全实践的员工更致力于保护组织，也更愿意采取安全预防措施。为了促进员工对组织安全措施的信任和安全承诺，信息安全管理人员应建立一种信任的安全氛围，确保员工可以畅所欲言地谈论他们在工作中遇到的安全问题，并在必要时获得支持以解决这些问题。本研究还提醒管理者注意员工对组织保护结构的信任可能带来的不良后果。我们发现，员工对组织保护结构的信任可能会适得其反，使员工对安全问题产生自满情绪。进一步的分析表明，安全意识在安全自满和安全承诺对采取预防措施的影响之间起着中介作用。本研究通过探索和验证组织 ISec 信任的光明面和阴暗面效应做出了贡献。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Information Systems Research Multiple-

CiteScore

9.10

自引率

8.20%

发文量

120

期刊介绍： ISR (Information Systems Research) is a journal of INFORMS, the Institute for Operations Research and the Management Sciences. Information Systems Research is a leading international journal of theory, research, and intellectual development, focused on information systems in organizations, institutions, the economy, and society.