Predictors of Email Response: Determinants of the Intention of not Following Security Recommendations


Organizations and government leaders are concerned about cyber incidents. For some time, researchers have studied what motivates people to act in ways that put the confidentiality, integrity, and availability of information in organizations at risk. Still, several areas remained unexplored, including the role of employees’ evaluation of the organizational systems and the role of value orientation at work as precursors of secure and insecure actions in relation to information technologies (information security [IS] action). The objective of this research project was to examine how the evaluations of formal and informal security norms are associated with the intention to follow them and to explore the role of work values, security systems, monitoring employees, and demographics in this association. It is essential to understand the determinants of IS action in the workplace so that interventions aim for organizational behavioral change focusing on a few determinants of IS action. In the execution of the project, several scenarios were formulated. In the scenarios, a character whose actions enact a particular value orientation at work fails to follow security recommendations. Several items were formulated to capture the variables of interest. After ensuring that the materials had good psychometric properties, a sample of 661 U.S. workers was collected and the data submitted to several analyses. The results revealed that the negative evaluation of the importance of security recommendations and the negative evaluation of others relative to following security recommendations were positively associated with the intention of not following those security recommendations. The evaluation of the completeness of security recommendations was negatively associated with the intention of not following them. The perception of others following security recommendations was not associated with the intention of not following them. It was also found that work values, security systems, monitoring, and demographics play a role in the association found. This research project does not support causality but provides evidence of the investigated association. The survey research did not investigate actual actions; however, several precautions were taken to ensure that the results provide preliminary evidence of the precursors of IS action at work

    Similar works