Trick with treat – Reciprocity increases the willingness to communicate personal data

Happ, Christian; Melzer, André; Steffgen, Georges

doi:10.1016/j.chb.2016.03.026

Cited by 40 publications

(17 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…This seems to be a common feeling across the sample, probably given the difficulty in controlling risks connected to these sources when they inadvertently put their companies at risk. Our work enriches the current body of knowledge by presenting these findings that find confirmation in the literature, as highlighted also by Happ et al (2016): we offer insights that clearly show how in several occasions employees do not even realise they have been manipulated and or that they have inadvertently disclosed sensitive information, so it seems they’re not “prepared” according to the principles of supply chain resilience. This lack of “preparedness” could also mean that companies are not completely aligned with an evolutionary resilience approach, given that they seem to struggle in having an adaptive capacity to the changing situations in their own workforce.…”

Section: Findings and Discussionsupporting

confidence: 61%

“…While in several occasions employees deliberately act against the interests of their own employers, some cases are related to non-intentional actions that include forwarding of infected messages, sharing of passwords or account details, replying to phishing messages, and retrieving and storing data on portable and uncontrolled devices (PwC, 2014). Employees are progressively becoming the vehicle for malicious attacks: this happens through the so-called “social engineering” techniques, which involve tricking human beings into breaking companies’ common security procedures and divulgating confidential information (Happ et al , 2016). Recent research points at phishing and social engineering as the top source of cyber disruption (BCI, 2016).…”

Section: Theoretical Backgroundmentioning

confidence: 99%

See 1 more Smart Citation

Managing cyber and information risks in supply chains: insights from an exploratory analysis

Colicchia

Creazza

Menachof

2019

SCM

View full text Add to dashboard Cite

The increasing level of connectivity is transforming supply chains, and it creates new opportunities but also new risks in the cyber space. Hence, cyber supply chain risk management (CSCRM) is emerging as a new management construct. The purpose of this paper is to explore how companies approach the management of cyber and information risks in their supply chain, what initiatives they adopt to this aim, and to what extent along the supply chain. The ultimate aim is to help organizations in understanding and improving the CSCRM process and cyber resilience in their supply chains. Design/methodology/approach: This research relied on a qualitative approach based on a comparative case study analysis involving five large multinational companies with headquarters, or branches, in the UK. Findings: Results highlight the importance for CSCRM to shift the viewpoint from the traditional focus on companies' internal information technology infrastructure, able to "firewall themselves" only, to the whole supply chain with a cross-functional approach; initiatives for CSCRM are mainly adopted to "respond" and "recover" without a well-rounded approach to supply chain resilience for a long-term capacity to adapt to changes according to an evolutionary approach. Initiatives are adopted at a firm/dyadic level, and a network perspective is missing. Research limitations/implications: This paper extends the current theory on cyber and information risks in supply chains, as a combination of supply chain risk management and resilience, and information risk management. It provides an analysis and classification of cyber and information risks, sources of risks and initiatives to managing them according to a supply chain perspective, along with an investigation of their adoption across the supply chain. It also studies how the concept of resilience has been deployed in the CSCRM process by companies. By laying the empirical foundations of the subject, our study stimulates further research on the challenges and drivers of initiatives and coordination mechanisms for CSCRM at a supply chain network level. Practical implications: Results invite companies to break the "silos" of their activities in CSCRM, embracing the whole supply chain network for better resilience. The adoption of information technology security initiatives should be combined with organizational ones and extended beyond the dyad. Where applicable, initiatives should be bi-directional to involve supply chain partners, remove the typical isolation in the CSCRM process, and leverage the value of information. Decisions on investments in CSCRM should involve also supply chain managers according to a holistic approach. Originality/value: A supply chain perspective in the existing scientific contributions is missing in the management of cyber and information risk. This is one of the first empirical studies dealing with this interdisciplinary subject, focusing on risks that are now very high in the companies' agenda, but still overlooked. It contributes to theory on information risk ...

show abstract

Section: Findings and Discussionsupporting

confidence: 61%

Section: Theoretical Backgroundmentioning

confidence: 99%

Managing cyber and information risks in supply chains: insights from an exploratory analysis

Colicchia

Creazza

Menachof

2019

SCM

View full text Add to dashboard Cite

show abstract

“…Although consumers might report high concerns over their information privacy, they do very little to protect it (Gerber, Gerber, & Volkamer, 2018). In fact, it has been demonstrated that users are willing to share their personal passwords with strangers in exchange for a small piece of chocolate (Happ, Melzer, & Steffgen, 2016). However, many studies have debated the existence of privacy paradox.…”

Section: Privacy Calculusmentioning

confidence: 99%

Privacy concerns and disclosure of biometric and behavioral data for travel

Ioannou

Tussyadiah

Lü

2020

International Journal of Information Management

View full text Add to dashboard Cite

In light of mounting privacy concerns over the increasing collection and use of biometric and behavioral information for travel facilitation, this study examines travelers' online privacy concerns (TOPC) and its impact on willingness to share data with travel providers. A proposed theoretical model explaining antecedents and outcomes of TOPC related to biometric and behavioral data sharing was tested using structural equation modeling with data collected from 685 travelers. The results extend the Antecedents -Privacy Concerns -Outcomes (APCO) framework by identifying a set of salient individual factors that shape TOPC. The findings provide empirical evidence confirming the context dependence of privacy preferences, showing that although travelers are concerned over their information privacy they are still willing to share their behavioral data; while in the case of biometric information, the disclosure decision is dependent upon expected benefits rather than privacy concerns. This study offers insights into privacy behavior of online consumers in the travel context and constitutes one of the few focusing on the social aspects of biometric authentication.

show abstract

“…Besides, users overestimate the security of their passwords and do not have a good understanding of password strength (Ur et al, 2016). It is also easy to trick users to divulge their passwords for simple rewards (Happ, Melzer, & Steffgen, 2016).…”

Section: Introductionmentioning

confidence: 99%

Why Do Not We Use Password Managers? A Study on the Intention to Use Password Managers

Ayyagari

Lim²,

Hoxha³

2019

CMR

View full text Add to dashboard Cite

Why don't individuals follow the best information security practices? We address an aspect of this question by focusing on one of the most common authentication methodspasswords. To promote better password habits, security experts consistently recommend the use of password managers as a best practice, but recent research shows their usage rate is low. Therefore, understanding the factors that influence the use of a password manager is important. We contribute to this cause by drawing on information security and technology adoption literature. Survey results from 120 participants with varying numbers of internet accounts yield some counterintuitive findings. As proposed, perceived severity and perceived vulnerability of password loss strongly influenced intent to use password managers. However, perceived ease of use diminished the intent to use password managers, and trust is only partially supported. Our results indicate that 'security' aspects of password managers are more important than 'usability' aspects. The implications of these findings for password management are discussed.

show abstract

Trick with treat – Reciprocity increases the willingness to communicate personal data

Cited by 40 publications

References 17 publications

Managing cyber and information risks in supply chains: insights from an exploratory analysis

Managing cyber and information risks in supply chains: insights from an exploratory analysis

Privacy concerns and disclosure of biometric and behavioral data for travel

Why Do Not We Use Password Managers? A Study on the Intention to Use Password Managers

Contact Info

Product

Resources

About