Assessing Sunk Cost Effect on Employees´ Intentions to Violate Information Security Policies in Organizations

Author

Kajtazi, Miranda ; Bulgurcu, Burcu ; Cavusoglu, Hasan ; Benbasat, Izak

Author_Institution

Linnaeus Univ., Kalmar, Sweden

fYear

2014

fDate

6-9 Jan. 2014

Firstpage

3169

Lastpage

3177

Abstract

It has been widely known that employees pose insider threats to the information and technology resources of an organization. In this paper, we develop a model to explain insiders´ intentional violation of the requirements of an information security policy. We propose sunk cost as a mediating factor. We test our research model on data collected from three information-intensive organizations in banking and pharmaceutical industries (n=502). Our results show that sunk cost acts as a mediator between the proposed antecedents of sunk cost (i.e., completion effect and goal in congruency) and intentions to violate the ISP. We discuss the implications of our results for developing theory and for re-designing current security agendas that could help improve compliance behavior in the future.

Keywords

organisational aspects; personnel; security of data; ISP; banking; compliance behavior; employees intentions; information security policy; information-intensive organizations; insider intentional violation; mediating factor; pharmaceutical industries; sunk cost effect assessment; technology resources; Educational institutions; Information security; Mathematical model; Organizations; Pharmaceuticals; Reliability; completion effect; goal incongruency; information security violation; insider threats; sunk cost;

fLanguage

English

Publisher

ieee

Conference_Titel

System Sciences (HICSS), 2014 47th Hawaii International Conference on

Conference_Location

Waikoloa, HI

Type

conf

DOI

10.1109/HICSS.2014.393

Filename

6758995