“SME executives’ perceptions and the information security preparedness model”
Information and Computer Security
ISSN: 2056-4961
Article publication date: 29 March 2021
Issue publication date: 3 August 2021
Abstract
Purpose
Information security has increasingly been in the headlines as data breaches continue to occur at alarming rates. This paper aims to propose an Information Security Preparedness Model that was developed to examine how SME executives’ perceptions of security importance, implementation challenges and external influences impact their awareness and commitment to security preparedness.
Design/methodology/approach
Funded by the Department of Justice, a national survey of SME executives’ perceptions of information security preparedness was conducted. Using PLS-SEM, the survey responses were used to test the proposed Information Security Preparedness Model.
Findings
The results indicate that as perceptions of security importance and external influences increase, SME executives’ awareness and commitment to information security also increases. In addition, as implementation challenges increase, awareness and commitment to information security decreases. Finally, as security importance and awareness and commitment to information security increases, executives’ perception of security preparedness also increases.
Research limitations/implications
Executive perceptions of information security were measured and not the actual level of security. Further research that examines the agreement between executive perceptions and the true state of information security within the organization is warranted.
Originality/value
Prior information security studies using Roger’s (1975, 1983) Protection Motivation Theory have produced mixed results. This paper develops and tests the Information Security Preparedness Model to more fully explain SME executive’s perceptions of information security.
Keywords
Acknowledgements
This project was supported by Grant No. 2008-DD-BX-0609 awarded by the Bureau of Justice Assistance. The Bureau of Justice Assistance is a component of the US Department of Justice's Office of Justice Programs, which also includes the Bureau of Justice Statistics, the National Institute of Justice, the Office of Juvenile Justice and Delinquency Prevention, the Office for Victims of Crime, and the SMART Office. Points of view or opinions in this document are those of the author and do not necessarily represent the official position or policies of the US Department of Justice.
The authors are grateful for the financial support received from US Department of Justice.
Citation
Saban, K.A., Rau, S. and Wood, C.A. (2021), "“SME executives’ perceptions and the information security preparedness model”", Information and Computer Security, Vol. 29 No. 2, pp. 263-282. https://doi.org/10.1108/ICS-01-2020-0014
Publisher
:Emerald Publishing Limited
Copyright © 2021, Emerald Publishing Limited