RESEARCH PRODUCT

Shall we follow? Impact of reputation concern on information security managers’ investment decisions

Xiuyan Shao, Mikko T. Siponen, Fufan Liu

subject

General Computer Science; decision making; organizations; Context (language use); 02 engineering and technology; discount own information; chief information officers; 0202 electrical engineering, electronic engineering, information engineering; Herding; information security; uncertainty; Baseline (configuration management); Discounting; Actuarial science; information security policy; 020206 networking & telecommunications; Investment (macroeconomics); reputation management; reputational herding; Infosec investment; Investment decisions; 020201 artificial intelligence & image processing; Business; Law; Reputation

description

Information security (infosec) is important for organizations. While budgeting for infosec is a crucial resource allocation decision, infosec managers may choose to follow other fellow experts’ recommendations or baseline practices. The present paper uses reputational herding theory to explain the decision made by infosec managers to use a “let's follow others” strategy in this context. Based on a sample of 106 organizations in Finland, we find that infosec managers’ ability to accurately predict the benefit of infosec investment, as well as their reputations, have significant effects on motivating them to discount their own information. Infosec managers’ discounting of their own information, together with the strength of information that relates to infosec investment and mandatory requirements, motivates infosec investment. Our empirical results highlight the “let's follow others” strategy as an important alternative to cost–benefit analysis in terms of budgeting for infosec investment.

peerReviewed

https://doi.org/10.1016/j.cose.2020.101961