Litcius/Paper detail

Exploring Contrasting Effects of Trust in Organizational Security Practices and Protective Structures on Employees’ Security-Related Precaution Taking

Malte Greulich, Sebastian Lins, Daniel Pienta, Jason Bennett Thatcher, Ali Sunyaev

2024Information Systems Research21 citationsDOI

Abstract

Encouraging employees to take security precautions is a vital strategy that organizations can use to reduce their vulnerability to information security (ISec) threats. This study investigates how the bright- and dark-side effects of trust in organizational information security impact employees’ intention to take security precautions. Employees who trust organizational security practices are more committed to protecting the organization and are more willing to take security precautions. To foster trust in organizational security practices and security commitment, ISec managers should establish a trusting security climate to ensure that employees can speak freely about the security problems they face in their work and receive support to resolve those problems if needed. This study also alerts managers to the potential adverse consequences of employees’ trust in the organization’s protective structures. We find that employees’ trust in the organization’s protective structures can backfire, making employees complacent regarding security. Further analyses indicate that security mindfulness mediates the influence of security complacency and security commitment on precaution taking. This study contributes by exploring and verifying the bright- and dark-side effects of trust in organizational ISec.

Topics & Concepts

BusinessSecurity managementInformation securityVulnerability (computing)Work (physics)Security information and event managementInformation security managementPublic relationsComputer securityInternet privacyCloud computing securityComputer scienceFinanceCloud computingMechanical engineeringOperating systemPolitical scienceEngineeringInformation and Cyber SecurityOrganizational and Employee PerformanceCyberloafing and Workplace Behavior