Purpose
The purpose of this paper is to discuss and theorise on the appropriateness and potential impact of risk homeostasis in the context of information security.
Design/methodology/approach
The discussion is mainly based on a literature survey backed up by illustrative empirical examples.
Findings
Risk homeostasis in the context of information security is an under-explored topic. The principles, assumptions and methodology of a risk homeostasis framework offer new insights and knowledge to explain and predict contradictory human behaviour in information security.
Practical implications
The paper shows that explanations for contradictory human behaviour (e.g. the privacy paradox) would gain from considering risk homeostasis as an information security risk management model. The ideas discussed open up the prospect of theorising on risk homeostasis as a framework in information security and should form a basis for further research and practical implementations. On a more practical level, the paper offers decision makers useful information and new insights that could be advantageous in a strategic security planning process.
Originality/value
This is the first systematic, comprehensive review of risk homeostasis in the context of information security behaviour, and readers of the paper will find new theories, guidelines and insights on risk homeostasis.
Purpose
The purpose of this paper is to investigate the lemming effect as a possible cause for the privacy paradox in information security.
Design/methodology/approach
Behavioural threshold analysis is used to test for the presence of the lemming effect in information security behaviour. Paradoxical behaviour may be caused by the influential nature of the lemming effect. The lemming effect is presented as a possible cause of the privacy paradox.
Findings
The behavioural threshold analysis indicates that the lemming effect is indeed present in information security behaviour and may lead to paradoxical information security behaviour.
Practical implications
The analysis of the lemming effect can be used to assist companies in understanding the way employees influence each other in their behaviour in terms of security. By identifying possible problem areas, this approach can also assist in directing their information security education endeavours towards the most relevant topics.
Originality/value
This research describes the first investigation of the lemming effect in information security by means of behavioural threshold analysis in practice.