NEVER CHANGE A RUNNING SYSTEM? HOW STATUS QUO-THINKING CAN INHIBIT SOFTWARE AS A SERVICE ADOPTION IN ORGANIZATIONS

Despite the “buzz” about Software as a Service (SaaS), decision makers still often refrain from replacing their existing in-house technologies with innovative IT services. Industry reports indicate that the skeptical attitude of decision makers stems primarily from a high degree of uncertainty that exists, for example, due to insufficient experience with the new technology, a lack of best practice approaches, and missing lighthouse projects. Whereas previous research is predominantly focused on the advantages of SaaS, behavioral economics conclusively demonstrate that reference points like the evaluation of the incumbent technology or a familiar product are oftentimes prevalent when decisions are made under uncertainty. In this context, Status Quo-Thinking may inhibit decisions in favor of potentially advantageous IT service innovations. Drawing on Prospect Theory and Status Quo Bias re-search, we derive and empirically test a research model that explicates the influence of the incumbent technology on the evaluation of SaaS. Based on a large-scale empirical study, we demonstrate that the decision makers’ attitude toward SaaS is highly dependent on their current systems and their level of SaaS. A lack of SaaS experience will increase the impact of the Status Quo, thus inhibiting a potential advantageous adoption of the new technology

Cloud Computing Providers’ Unrealistic Optimism regarding IT Security Risks: A Threat to Users?

Despite providers’ constant promises of high IT security levels in the Cloud, various serious security incidents have taken place in the last years. By drawing on the psychological theory of ‘unrealistic optimism’ we add a new perspective to the stream of IT security research which allows us to shed light on the nature of providers’ IT security risk perceptions and their lack of motivation to invest in countermeasures. Based on a longitudinal mixed-methods study, we reveal that Cloud providers suffer from ‘unrealistic optimism’ and therefore significantly underestimate their services’ exposure to IT security risks, which in turn reduces the propensity to implement necessary IT security measures in the Cloud. We also found that providers’ overconfidence concerning their company’s control over IT security risks is a major factor to determine unrealistic optimism in the Cloud. We discuss implications for research and practice

PERCEIVED IT SECURITY RISKS IN CLOUD ADOPTION: THE ROLE OF PERCEPTUAL INCONGRUENCE BETWEEN USERS AND PROVIDERS

Despite the widely recognized prevalence of IT security risk concerns in users´ Cloud adoption, little is understood about how Cloud providers assess IT security risks and in what ways potential disagreements among providers and potential users on the IT security risks of Cloud services affect users´ adoption intentions. Drawing on perceptual congrunce research and risk perception theory, our study examines matched survey responses of providers and potential users of their Cloud services. Our findings show a consistent pattern of perceptual differences across all relevant IT security risk dimensions of Cloud Computing. We also show that this disagreement between the providers of Cloud services and their potential users has strong adverse effects on important downstream user beliefs and, ultimately, on users´ intentions to adopt the services. We discuss implications for research and practice

The Role of Top Managers’ IT Security Awareness in Organizational IT Security Management

Despite the widely recognized importance of top managers’ IT security awareness for effective IT security management, previous research has paid little attention to its complex nature. Against this backdrop, we conducted a structured literature review to identify and organize factors that have been found to determine managerial IT security awareness. Particularly, a systematic consolidation of the literature streams in combination with expert interviews and Q-sorting revealed that individual- and organization-related factors form two distinct dimensions of managers’ IT security awareness. Within the qualitative evaluation, we identified two supplementary factors (one in each dimension). Further, we found that the awareness of both top managers and managers at the department level is crucial for effective IT security management. Our proposed conceptualization will enable both researchers and practitioners to better understand managers’ IT security awareness and to subsequently develop interventions dedicated at improving managers’ awareness and thus the effectiveness of IT security management

Gender Differences in Mobile Users’ IT Security Appraisals and Protective Actions: Findings from a Mixed-Method Study

Recent reports show that mobile users often refrain from taking the necessary precautionary actions to protect their mobile devices from IT security threats. To improve users’ protective behavior, it is necessary to have a better understanding of the downstream beliefs and attitudes. Although previous IS research has intensively investigated protection behavior in the IT context, findings from psychological studies that people’s threat and coping appraisals are gender-specific are largely neglected. Drawing on gender schema theory and protection motivation theory, the present study analyzes gender differences in the formation of mobile users’ intentions to take precautionary actions and their consequent coping behavior. Utilizing a two-step mixed-method research approach (survey, experiment, and interviews) and drawing data from 177 Android users, we show that female and male mobile users’ problem-focused coping behaviors are based on different threat and coping appraisals. These findings have significant implications both for future research and for practitioners

Unrealistischer Optimismus der Cloud Computing Anbieter bezüglich IT Sicherheitsrisiken – Eine Bedrohung für die Nutzer?

Anbieter von Cloud Computing (CC) Lösungen versprechen zahlreiche technische und ökonomische Vorteile gegenüber klassischen IT Outsourcing Konzepten. Der Paradigmenwechsel hin zu CC induziert jedoch auch neuartige IT Sicherheitsrisiken, die zu erheblichen Bedenken seitens potenzieller Anwender führen. Anbieter von CC Lösungen betonen hingegen stetig die hohen Standards der IT Sicherheit ihrer eigenen Angebote. Auf Grundlage der kognitionspsychologischen Theorie des „unrealistischen Optimismus“ und einer empirischen Untersuchung unter deutschen CC Anbietern zeigen wir, dass Anbieter die IT Sicherheitsrisiken ihrer eigenen CC Angebote in vielen Fällen systematisch unterschätzen. Das Verständnis der systematischen Verzerrungen bei der Risikowahrnehmung ermöglicht Wissenschaftlern, Anbietern und Nutzern das tatsächliche Risiko besser zu bewerten und so gezielter Strategien zur Verbesserung der IT Sicherheit im CC zu entwickeln

Which IT Security Investments Will Pay Off for Suppliers? Using the Kano Model to Determine Customers’ Willingness to Pay

Although cost-benefit analyses are an important aspect of information technology (IT) security (ITS) management, previous research focuses largely on the customer perspective and neglects the supplier side. However, since ensuring a high level of ITS in modern IT products is typically associated with a large investment, customers’ willingness to pay is essential for decision making in the context of IT product development. We draw on Kano’s theory of attractive quality to analyze how customers generally evaluate implemented ITS safeguards. Based on expert interviews and a large-scale empirical study involving customer company decision makers, this paper demonstrates that different customer evaluations of ITS safeguards are associated with different levels of willingness to pay. Therefore, our results will enable IT suppliers not only to understand their customers’ ITS needs but also to derive optimal ITS strategies, which may provide both economic and competitive advantages. Further theoretical and practical implications are also discussed

Representación matemática de una terapéutica: circulación de inscripciones tecnocientíficas en el tratamiento de la litotripsia extracorporal The mathematic representation of a treatment: the circulation of technoscientific inscriptions in extracorporeal lithotripsy

La noción estandarizada en las ciencias sociales en torno a la representación se refiere a los conocimientos expresados en el lenguaje provenientes de elaboraciones supraindividuales. Esta noción enfatiza el sustento social del conocimiento, pero minimiza los sustentos materiales y simbólicos que le son inherentes y sin los cuales no podría ser cabalmente comprendido. Sostengo que la circulación de inscripciones heterogéneas soporta la elaboración de las representaciones y para demostrarlo analizo las prácticas del mejoramiento de una terapéutica para cálculos renales, mostrando cómo los científicos ponen en circulación una serie de objetos, animales, modelos, textos, etc., hasta transformarlos en una representación matemática de una terapéutica.<br>Within the social sciences, the standardized notion of representation refers to knowledge expressed through language and sourced from supra-individual thought processes. This notion underscores the social foundation of knowledge while minimizing its inherent material and symbolic foundations, without which it cannot be wholly understood. The article argues that the circulation of heterogeneous inscriptions underpins the elaboration of representations. To demonstrate this, I analyze practices intended to improve a therapeutic treatment for kidney stones and show how scientists place a series of objects, animals, models, texts, and so on in circulation, eventually transformed into the mathematic representation of a treatment