Escalation of commitment as an antecedent to noncompliance with information security policy

Kajtazi, Miranda; Cavusoglu, Hasan; Benbasat, Izak; Haftor, Darek

doi:10.1108/ics-09-2017-0066

Cited by 20 publications

(20 citation statements)

References 49 publications

(98 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The second one is the prospect theory, which suggests that individuals' intention to escalate on their decisions depends on the effect of sunk cost as well as their risk perceptions (Tversky and Khaneman, 1981). According to the prospect theory, individuals who have not experienced a previous loss are more likely to engage in riskseeking and even continue a failing course of action (Kajtazi et al, 2018).…”

Section: Escalation Of Commitmentmentioning

confidence: 99%

That’s why they didn’t let it go: exploring the roots of women entrepreneurs’ escalation of commitment

Nouri

2020

JEEE

View full text Add to dashboard Cite

Purpose Escalation of commitment is one of the most important decision-making biases among entrepreneurs and may deprive them of valuable resources and even result in their eventual failure. Many entrepreneurs become escalated to their ongoing plans by allocating more resources, even after receiving negative feedbacks regarding those plans. Although the escalating behavior is an inherent part of the entrepreneurial cognition, previous studies have mostly ignored its antecedents among entrepreneurs. This dearth of studies is more severe regarding women entrepreneurs, whose biases have rarely been investigated. Therefore, this paper aims to explore the antecedents of the escalation of commitment among women entrepreneurs. Design/methodology/approach To explore the antecedents of the escalation of commitment in women entrepreneurs’ decisions based on their lived experiences, this paper used a narrative inquiry. The data were collected by conducting in-depth interviews with three Iranian women entrepreneurs running small businesses and analyzed by narrative data analysis. Findings According to the findings, bitter memories of previous failures, overconfidence and familial pressure are the main antecedents of the escalation of commitment in women entrepreneurs. Practical implications This study has a very important managerial implication for women entrepreneurs, who should know that while decision-making biases may occur unintentionally, they are able to reduce the harmful effects and enhance the benefits of biases by knowing their most common signs. Originality/value This study is a pioneer in exploring women entrepreneurs’ biases and took a novel approach by conducting a narrative analysis of women entrepreneurs’ escalation of commitment.

show abstract

Section: Escalation Of Commitmentmentioning

confidence: 99%

That’s why they didn’t let it go: exploring the roots of women entrepreneurs’ escalation of commitment

Nouri

2020

JEEE

View full text Add to dashboard Cite

show abstract

“…Research showing how employees can influence the effectiveness of their respective organizations' cybersecurity efforts is well documented (Crossler et al, 2013;Warkentin & Willison, 2009). In fact, a substantial body of literature has examined the detrimental impacts of employee behavior like computer abuse (Lee et al, 2004;Straub & Nance, 1990;Willison & Warkentin, 2013), noncompliance with information security policies (ISPs; Gwebu et al, 2020;Kajtazi et al, 2018;Lowry & Moody, 2015), and shadow IT utilization (Silic & Back, 2014;Zimmermann & Rentrop, 2014). Conversely, research has also shown how employees can act as "protective stewards" of sensitive organizational assets as they actively attempt to defend their organizations from threats (Burns et al, 2018;Posey et al, 2013Posey et al, , 2015.…”

Section: Introductionmentioning

confidence: 99%

Phishing for Long Tails: Examining Organizational Repeat Clickers and Protective Stewards

et al. 2021

View full text Add to dashboard Cite

Organizational cybersecurity efforts depend largely on the employees who reside within organizational walls. These individuals are central to the effectiveness of organizational actions to protect sensitive assets, and research has shown that they can be detrimental (e.g., sabotage and computer abuse) as well as beneficial (e.g., protective motivated behaviors) to their organizations. One major context where employees affect their organizations is phishing via email systems, which is a common attack vector used by external actors to penetrate organizational networks, steal employee credentials, and create other forms of harm. In analyzing the behavior of more than 6,000 employees at a large university in the Southeast United States during 20 mock phishing campaigns over a 19-month period, this research effort makes several contributions. First, employees’ negative behaviors like clicking links and then entering data are evaluated alongside the positive behaviors of reporting the suspected phishing attempts to the proper organizational representatives. The analysis displays evidence of both repeat clicker and repeat reporter phenomena and their frequency and Pareto distributions across the study time frame. Second, we find that employees can be categorized according to one of the four unique clusters with respect to their behavioral responses to phishing attacks—“Gaffes,” “Beacons,” “Spectators,” and “Gushers.” While each of the clusters exhibits some level of phishing failures and reports, significant variation exists among the employee classifications. Our findings are helpful in driving a new and more holistic stream of research in the realm of all forms of employee responses to phishing attacks, and we provide avenues for such future research.

show abstract

“…An understanding of security policy provides a new lens for learning noncompliance behavior. Employees sometimes sacrifice compliance with information security policies to complete their duties [34] Sharma, which states that organizational commitment influences behavioral intentions to comply with the Security Policy Information and employee status has an impact on organizational commitment [35]. This study argues that organizational commitment can improve compliance directly without influencing with user intention or employee status.…”

Section: Conceptual Frameworkmentioning

confidence: 88%

A Model of Information Security Policy Compliance for Public Universities: A Conceptual Model

Angraini

Alias

Okfalisa

2019

Advances in Intelligent Systems and Computing

View full text Add to dashboard Cite

The university is an organization that manages much public information, and therefore, information security policies are developed to ensure data security. However, during implementation still founded disobey behavior user and has an impact on data security. The previous research has been conducted to find influencing factor user comply with information security, although some model and theories still limited to implementation. There is a lack of researchers combine behavioral theory and organizational theory to develop models and previous model inadequate to universities that have unique characteristics. This study aims to explore and identify factors that influence information security compliance and continue to develop conceptual models for assessing information security policies. This conceptual model creates based on a systematic literature review and preliminary study. The results in the conceptual model found several variables, namely habits, attitudes, moral beliefs, self-efficacy from behavioral theories and human culture, commitment, rewards, costs can be used to evaluate user compliance with information security policies. Conceptual will be tested further to contribute to help universities to ensure and assess users to comply with information security policies.

show abstract

Escalation of commitment as an antecedent to noncompliance with information security policy

Cited by 20 publications

References 49 publications

That’s why they didn’t let it go: exploring the roots of women entrepreneurs’ escalation of commitment

That’s why they didn’t let it go: exploring the roots of women entrepreneurs’ escalation of commitment

Phishing for Long Tails: Examining Organizational Repeat Clickers and Protective Stewards

A Model of Information Security Policy Compliance for Public Universities: A Conceptual Model

Contact Info

Product

Resources

About