‘What a waste of time’: An examination of cybersecurity legitimacy

IF 6.5 | Zone 2, Management | Q1 INFORMATION SCIENCE & LIBRARY SCIENCE
W. Alec Cram, John D'Arcy
Information Systems Journal, 33(6), pp. 1396-1422. Published 2023-07-19. Journal Article.
DOI: 10.1111/isj.12460
https://onlinelibrary.wiley.com/doi/10.1111/isj.12460
Citations: 1

Abstract


Managers who oversee cybersecurity policies commonly rely on managerial encouragement (e.g., rewards) and employee characteristics (e.g., attitude) to drive compliant behaviour. However, whereas some cybersecurity initiatives are perceived as reasonable by employees, others are viewed as a ‘waste of time’. This research introduces employee judgements of cybersecurity legitimacy as a new angle for understanding employee compliance with cybersecurity policies over time. Drawing on theory from the organisational legitimacy and cybersecurity literature, we conduct a three-wave survey of 529 employees and find that, for each separate wave, negative legitimacy judgements mediate the relationship between management support and compliance, as well as between cybersecurity inconvenience and compliance. Our results provide support for cybersecurity legitimacy as an important influence on employee compliance with cybersecurity initiatives. This is significant because it highlights to managers the importance of not simply expecting compliant employee behaviour to follow from the introduction of cybersecurity initiatives, but that employees need to be convinced that the initiatives are fair and reasonable. Interestingly, we did not find sufficient support for our expectation that the increased likelihood of a cybersecurity incident will moderate the legitimacy-policy compliance relationship. This result suggests that the legitimacy perceptions of employees are unyielding to differences in the risk characteristics of the cybersecurity incidents facing organisations.

Source journal: Information Systems Journal (INFORMATION SCIENCE & LIBRARY SCIENCE)
CiteScore: 14.60
Self-citation rate: 7.80%
Articles published: 44
About the journal: The Information Systems Journal (ISJ) is an international journal promoting the study of, and interest in, information systems. Articles are welcome on research, practice, experience, current issues and debates. The ISJ encourages submissions that reflect the wide and interdisciplinary nature of the subject and articles that integrate technological disciplines with social, contextual and management issues, based on research using appropriate research methods. The ISJ has particularly built its reputation by publishing qualitative research and it continues to welcome such papers. Quantitative research papers are also welcome but they need to emphasise the context of the research and the theoretical and practical implications of their findings. The ISJ does not publish purely technical papers.