Cybersecurity Stewardship - Less mandatory, more voluntary. Less punishment, more commitment.
Authors: Obi Ogbanufe, Robert Crossler, David Biros
Thinking of how to further motivate employees towards voluntarily taking ownership of protecting the organization's information assets?
Stewardship is placing the long-term best interests of a group ahead of personal goals (Hernandez, 2012).
"Perceptions of problem ownership and responsibility motivate the determination employees have to perform because of their vested interests in the organization’s outcomes. In this case, the employee’s behavior is due to a sense of moral responsibility that is not forced but that originates in a relationship between the employee and organization".
Abstract
The security of organizations’ information resources is often threatened by employee noncompliance to security policy or negligence. Though technical and procedural controls for
curtailing security violations and motivating secure behaviors have been explored in the literature, security violations persist. Given the significant influence individuals wield on the
welfare of organizations’ security and the dynamic nature of security threats, we explore
voluntary security behaviors through the mechanism of stewardship. Drawing from the
stewardship and information security literature, we develop and test a stewardship model
of voluntary security behaviors using a sample of 409 working individuals. The results show
that organizational support and identification influence stewardship, which in turn affects
voluntary security behaviors.
Findings and their practical implications
Organizational support and organizational identification underscore the covenantal relationship between the employer and employee
This suggests that employees will reciprocate in kind (in our case, stewardship of information resources) when the employer provides services or resources that benefit the employees
Comments