I shall, we shall, and all others will: paradoxical information security behaviour

Purpose The purpose of this paper is to investigate the lemming effect as a possible cause for the privacy paradox in information security. Design/methodology/approach Behavioural threshold analysis is used to test for the presence of the lemming effect in information security behaviour. Paradoxical behaviour may be caused by the influential nature of the lemming effect. The lemming effect is presented as a possible cause of the privacy paradox. Findings The behavioural threshold analysis indicates that the lemming effect is indeed present in information security behaviour and may lead to paradoxical information security behaviour. Practical implications The analysis of the lemming effect can be used to assist companies in understanding the way employees influence each other in their behaviour in terms of security. By identifying possible problem areas, this approach can also assist in directing their information security education endeavours towards the most relevant topics. Originality/value This research describes the first investigation of the lemming effect in information security by means of behavioural threshold analysis in practice.

[1]  L. Brennan,et al.  Review of Behavioural Theories in Security Compliance and Research Challenge , 2017 .

[2]  Malcolm Robert Pattinson,et al.  Determining employee awareness using the Human Aspects of Information Security Questionnaire (HAIS-Q) , 2014, Comput. Secur..

[3]  Spyros Kokolakis,et al.  Privacy attitudes and privacy behaviour: A review of current research on the privacy paradox phenomenon , 2017, Comput. Secur..

[4]  J. Ray,et al.  The Reliability of Short Social Desirability Scales , 1984 .

[5]  Hennie A. Kruger,et al.  The application of behavioural thresholds to analyse collective behaviour in information security , 2017, Inf. Comput. Secur..

[6]  Leandros A. Maglaras,et al.  Human behaviour as an aspect of cybersecurity assurance , 2016, Secur. Commun. Networks.

[7]  Vince Bruno,et al.  Applications of social network analysis in behavioural information security research: Concepts and empirical analysis , 2017, Comput. Secur..

[8]  Qing Hu,et al.  Future directions for behavioral information security research , 2013, Comput. Secur..

[9]  Barry A. T. Brown,et al.  Studying the Internet Experience , 2001 .

[10]  U. Sekaran,et al.  Research Methods for Business : A Skill Building Approach (5th Edition) , 1992 .

[11]  Serge Egelman,et al.  Behavior Ever Follows Intention?: A Validation of the Security Behavior Intentions Scale (SeBIS) , 2016, CHI.

[12]  Teodor Sommestad,et al.  Variables influencing information security policy compliance: A systematic review of quantitative studies , 2014, Inf. Manag. Comput. Secur..

[13]  Jordan Shropshire,et al.  The influence of the informal social learning environment on information privacy policy compliance efficacy and intention , 2011, Eur. J. Inf. Syst..

[14]  Vince Bruno,et al.  Towards a complete understanding of information security misbehaviours: a proposal for future research with social network approach , 2014 .

[15]  R. Fisher Social Desirability Bias and the Validity of Indirect Questioning , 1993 .

[16]  Cory R. A. Hallam,et al.  Online self-disclosure: The privacy paradox explained as a temporally discounted balance between concerns and rewards , 2017, Comput. Hum. Behav..

[17]  U. Frick,et al.  The Lemming-effect: harm perception of psychotropic substances among music festival visitors , 2014 .

[18]  Malcolm Robert Pattinson,et al.  The Human Aspects of Information Security Questionnaire (HAIS-Q): Two further validation studies , 2017, Comput. Secur..

[19]  Hennie A. Kruger,et al.  Behavioural Thresholds in the Context of Information Security , 2016, HAISA.

[20]  Menno D. T. de Jong,et al.  The privacy paradox - Investigating discrepancies between expressed privacy concerns and actual online behavior - A systematic literature review , 2017, Telematics Informatics.

[21]  Mark S. Granovetter Threshold Models of Collective Behavior , 1978, American Journal of Sociology.

[22]  Hennie A. Kruger,et al.  The Lemming Effect in Information Security , 2017, HAISA.

[23]  Serge Egelman,et al.  Scaling the Security Wall: Developing a Security Behavior Intentions Scale (SeBIS) , 2015, CHI.