Does reputational sanctions deter negligence in information security management? A field quasi-experiment

Security negligence, a major cause of data breaches, occurs when an organization’s information technology management fails to adequately address security vulnerabilities. By conducting a field quasi-experiment using outgoing spam as a focal security issue, this study investigates the effectiveness o...

Bibliographic Details
Main Authors: TANG, Qian, WHINSTON, Andrew B.
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2020
Subjects:
Online Access: https://ink.library.smu.edu.sg/sis_research/4864
https://ink.library.smu.edu.sg/context/sis_research/article/5867/viewcontent/ReputationSanction_av.pdf
Institution: Singapore Management University
Date: 2020-02-01T08:00:00Z
Media type: application/pdf
DOI: 10.1111/poms.13119
License: http://creativecommons.org/licenses/by-nc-nd/4.0/
Collection: Research Collection School Of Computing and Information Systems
Topics: Field quasi-experiment; information security; reputational sanction; spam; Computer Sciences; Information Security
Description: Security negligence, a major cause of data breaches, occurs when an organization’s information technology management fails to adequately address security vulnerabilities. By conducting a field quasi-experiment using outgoing spam as a focal security issue, this study investigates the effectiveness of reputational sanctions in reducing security negligence in a global context. In the quasi-experiment, a reputational sanction mechanism based on outgoing spam was established for four countries, and for each country, reputational sanctions were imposed on the 10 organizations with the largest outgoing spam volumes—that is, these organizations were listed publicly. We find that because of our reputational sanction mechanism, organizations in the four countries, including those that were not listed, reduced outgoing spam significantly compared to those in similar countries. Within each country, the listed organizations, whose reputations were actually sanctioned, reduced spam to a greater extent than those that were not listed. The spam reduction in the not-listed organizations is mainly driven by increased security awareness, while the reduction in the listed organizations is primarily due to reputation effect. Among the listed organizations, those ranked lower were more responsive to the reputational sanctions. Moreover, we find that reputational sanctions have a stronger effect on large organizations and important organizations that provide network access and transit to others.