期刊名称:Communications of the Association for Information Systems
印刷版ISSN:1529-3181
出版年度:2020
卷号:47
页码:338-363
DOI:10.17705/1CAIS.04716
语种:English
出版社:Association for Information Systems
摘要:High-profile cybersecurity incidents, such as the 2019 Capital One data breach and the 2017 Equifax breach, have engendered doubts about firms’ trustworthiness and resulted cybersecurity becoming a critical risk factor firms must address. Breaches can precipitate extreme consequences for affected firms’ managers, shareholders, and customers. Unsurprisingly, data breaches represent IT leaders’ biggest concern. In this paper, we report on a qualitative field study in which we interviewed C-level executives and IT consultants to investigate cybersecurity concerns and factors that influence adoption decisions for cybersecurity. We found that the traditional technology-organization-environment (TOE) framework does not fully capture the range of issues in the cybersecurity context. Thus, we propose a new extended TOE framework that pertains specifically to cybersecurity-adoption decisions. This extended framework includes new dimensions, cyber catalysts, practice standards, and new factors under the traditional technology, organization, and environment dimensions.
