CEOs’ information security behavior in SMEs: Does ownership matter?
Keywords:
Protection motivation theory, owner CEO, SME, behavior, information security.Abstract
Past research in the area of behavioral information security has mainly focused on large company employees. However, SMEs constitute a relevant eld of study, as they rep- resent more than 99 percent of European companies and are subject to rapidly increasing security threats. In addition, within SMEs, CEOs play a vital role in protecting their information through the actions they can initiate and the influence they have on their employees. We attempt to ll a gap in information security (ISS) research, as few studies have aimed to understand CEOs’ behaviors related to the implementation of ISS. In addition, the literature shows that particularly in a small rm context, ownership influences CEOs’ behavior. Even less research has addressed SMEs, specifically with regard to the impact of ownership on CEOs’ ISS-related behaviors. This paper details an empirical study based on the protection motivation theory (PMT) to investigate the following research question: what factors explain SME CEOs’ information security protective behavior? We conducted a questionnaire-based survey with 292 SME CEOs, and we analyzed the collected data using partial least squares (PLS). Because the academic literature shows that SME CEOs engage in specific behaviors, we tested the influence of the PMT on two subgroups: SME owners (n=183) and non-owners (n=109). Our results show very important and significant discrepancies between the two subgroups. Our work is original because it constitutes the first study dedicated to the protective behaviors of SME CEOs; moreover, it distinguishes between owners and non-owners. Our major theoretical contribution corresponds to the identification and investigation of this differentiated population, which requires more in-depth studies. The main managerial implication of our work is that as the factors triggering owner and non-owner SME CEOs protective behaviors are almost in total contrast, any communication or action should be specifically tailored to each audience.
Downloads
Published
How to Cite
Issue
Section
License
The author bears the responsibility for checking whether material submitted is subject to copyright or ownership rights (e.g. figures, tables, photographs, illustrations, trade literature and data). The author will need to obtain permission to reproduce any such items, and include these permissions with their final submission.
It is our policy to ask all contributors to transfer for free the copyright in their contribution to the journal owner. There are two broad reasons for this:
- ownership of copyright by the journal owner facilitates international protection against infringement of copyright, libel or plagiarism;
- it also ensures that requests by third parties to reprint or reproduce a contribution, or part of it, in either print or electronic form, are handled efficiently in accordance with our general policy which encourages dissemination of knowledge within the framework of copyright.
In conformity with the French law, the author keeps the 'moral rights' related to the article:
- The 'authorship right': It is the author's right to have his name associated with each publication and exploitation of the article.
- The 'integrity right': It can be claimed by the author if he finds that during an exploitation, his work has been distorted (cutting, reassembly...).
