Information security in SMEs: determinants of CEOs’ protective and supportive behaviors
DOI:
https://doi.org/10.3917/sim.193.0007Abstract
This research addresses the determinants of CEOs’ actions regarding the information security (ISS) of small and medium enterprises (SMEs). This article aims to (a) identify factors influencing CEOs’ ISS actions, (b) examine the relevance of protection motivation theory (PMT) in explaining top management support (TMS, i.e., supportive actions), and (c) find potential differentiated effects on protective vs. supportive actions.
The results of a questionnaire-based survey (N=200) show that the PMT and social influence constructs, while explaining a significant amount of variance, exert differentiated effects: in contrast with protective actions, which are influenced mainly by self-efficacy, SME CEOs’ supportive actions are strongly affected by the social influence of peers (partners and competitors) and customers.
At a theoretical level, this research validates the relevance of the PMT framework for the study of TMS determinants in the context of ISS. This study is also the first to distinguish between these two types of actions and offers new insights on CEOs’ ISS-related behavior literature. For practitioners, the results imply that even when CEOs do not exert protective actions, it is important to build on their professional relations to trigger and enhance their supportive actions.
References
Systèmes d'information et management
Downloads
Published
How to Cite
Issue
Section
License
The author bears the responsibility for checking whether material submitted is subject to copyright or ownership rights (e.g. figures, tables, photographs, illustrations, trade literature and data). The author will need to obtain permission to reproduce any such items, and include these permissions with their final submission.
It is our policy to ask all contributors to transfer for free the copyright in their contribution to the journal owner. There are two broad reasons for this:
- ownership of copyright by the journal owner facilitates international protection against infringement of copyright, libel or plagiarism;
- it also ensures that requests by third parties to reprint or reproduce a contribution, or part of it, in either print or electronic form, are handled efficiently in accordance with our general policy which encourages dissemination of knowledge within the framework of copyright.
In conformity with the French law, the author keeps the 'moral rights' related to the article:
- The 'authorship right': It is the author's right to have his name associated with each publication and exploitation of the article.
- The 'integrity right': It can be claimed by the author if he finds that during an exploitation, his work has been distorted (cutting, reassembly...).

