In This Story
It is a truth universally acknowledged that a person in possession of any official, medical, or financial paperwork must be worried about potential data breaches. We live in an online time. Information is stored virtually. Just as old-time bank robbers could access vaults if they had the inclination, modern criminals can鈥攊f they have the right skills鈥攁ccess all that data online.
Information security is a critical part of every organization. However, it鈥檚 also expensive鈥攁 problem for executives deciding on funding allocation.聽Nirup Menon, professor and chair of information systems and operations management, along with coauthor Mikko Siponen, delved into the role personality plays in determining how executives react to information security costs. Their paper鈥檚 premise is simple: Security managers propose system security measures, and the executive makes a decision depending on a variety of factors, including cost, risk-benefit analysis, and鈥攊t turns out鈥攖he executive鈥檚 鈥減referred subordinate influence approach.鈥 That is, the X factor in whether an executive adopts a proposal is in his or her cognition鈥攚hether they are emotional or rational.
In the paper, 鈥淓xecutives鈥 Commitment to Information Security: Interaction between the Preferred Subordinate Influence Approach and Proposal Characteristics,鈥 Menon and Siponen note, 鈥淚n information security, subordinates can frame a proposal positively (e.g., action increases protection) or negatively (e.g., inaction increases risk). The framing of information security proposals affects the motivation of the message recipient to exert effort in decision making.鈥 In short, data security proposals should be customized to the receiver. It鈥檚 not only the message but the way the message is received that safeguards information.