Factors Influencing Adoption of Information Security

Detta är en Uppsats för yrkesexamina på avancerad nivå från Blekinge Tekniska Högskola/Institutionen för industriell ekonomi

Författare: Klara Wassenius; Wilma Jonasson; [2023]

Nyckelord: Technology Adoption; Information Security; TOE Framework; Decisionmaking; Qualitative Research.; Technology Adoption; Informations Säkerhet; TOE Ramverket; Beslutsfattande; Kvalitativ Studie.;

Sammanfattning: Background: Over the past years, organisations have been facing an increasedthreat from cyber criminality. This amplifies the necessity for organisations to implement highly secure systems to protect sensitive information.Purpose: Explore and identify factors that influence organisations’ willingness toadopt information security. The TOE framework is utilised to analyse and presentthe findings from the study, a commonly used and well-adapted framework appliedin multiple previous studies of technology adoption.Method: A qualitative research approach is used since it favours the exploratorynature of gaining a deeper understanding of why organisations adopt informationsecurity. Semi-structured interviews were conducted to gain a more profound understanding from the executive/top managers, IT managers, and others affected bysecurity adoption in the organisation.Results: The resulting factors are presented in the three contexts from the TOEframework. Technological context: tenability, relative advantage, return on investment, cost, complexity, and compatibility. Organisational context: willingness toadopt, organisational readiness, knowledge and expertise, external support, communication process, organisational awareness, and top management support. Environmental context: competitiveness, external pressure, geopolitics and external events,fear of exposure, experience and laws and regulations.Conclusions: The findings from this study clearly show factors that strongly impactorganisations to adopt information security. Top managers have a great responsibility to ensure the investment in security systems is sufficient to stay competitive andtrustworthy. The IT managers are expected to handle security concerns that theorganisation may be confronted by. The limited resources of expertise create significant challenges for the organisation to implement sufficient solutions. Leading toa high demand for external expertise to handle the security problems faced in theorganisation, creating an insufficient understanding and awareness of the problemsconcerning information security in the organisation. This thesis contributes withnuanced findings of why organisations adopt information security. The results alsocontribute to expanding previous findings in technology adoption adapting the TOEframework.

  HÄR KAN DU HÄMTA UPPSATSEN I FULLTEXT. (följ länken till nästa sida)