Which IT Security Investments Will Pay Off for Suppliers? Using the Kano Model to Determine Customers' Willingness to Pay

Although cost-benefit analyses are an important aspect of information technology (IT) security (ITS) management, previous research focuses largely on the customer perspective and neglects the supplier side. However, since ensuring a high level of ITS in modern IT products is typically associated with a large investment, customers' willingness to pay is essential for decision making in the context of IT product development. We draw on Kano's theory of attractive quality to analyze how customers generally evaluate implemented ITS safeguards. Based on expert interviews and a large-scale empirical study involving customer company decision makers, this paper demonstrates that different customer evaluations of ITS safeguards are associated with different levels of willingness to pay. Therefore, our results will enable IT suppliers not only to understand their customers' ITS needs but also to derive optimal ITS strategies, which may provide both economic and competitive advantages. Further theoretical and practical implications are also discussed.

[1]  L. Willcocks,et al.  To outsource IT or not?: recent research on economics and evaluation practice , 1996 .

[2]  Lorrie Faith Cranor,et al.  Security and Usability: Designing Secure Systems that People Can Use , 2005 .

[3]  Kurt Matzler,et al.  The asymmetric relationship between attribute-level performance and overall customer satisfaction: a reconsideration of the importance–performance analysis , 2004 .

[4]  CavusogluHasan,et al.  Institutional pressures in security management , 2015 .

[5]  Yajiong Xue,et al.  Understanding Security Behaviors in Personal Computer Usage: A Threat Avoidance Perspective , 2010, J. Assoc. Inf. Syst..

[6]  Andrea Carignani,et al.  Defining prerequisites for banking web site design: the wow! approach , 2003, ECIS.

[7]  Wes Sonnenreich,et al.  Return On Security Investment (ROSI) - A Practical Quantitative Modell , 2005, J. Res. Pract. Inf. Technol..

[8]  Tomohiko Sakao,et al.  Quality engineering for early stage of environmentally conscious design , 2008 .

[9]  Ping Ji,et al.  Understanding customer needs through quantitative analysis of Kano's model , 2010 .

[10]  Gilbert Fridgen,et al.  A Quantitative Model for Using Open Innovation in Mobile Service Development , 2013, Wirtschaftsinformatik.

[11]  Diana K. Smetters,et al.  Moving from the design of usable security technologies to the design of useful secure applications , 2002, NSPW '02.

[12]  K. Tan,et al.  Integrating Kano's model in the planning matrix of quality function deployment , 2000 .

[13]  Merrill Warkentin,et al.  Fear Appeals and Information Security Behaviors: An Empirical Study , 2010, MIS Q..

[14]  Detmar W. Straub,et al.  Security concerns of system users: A study of perceptions of the adequacy of security , 1991, Inf. Manag..

[15]  Lars Nilsson-Witell,et al.  Dynamics of service attributes: a test of Kano's theory of attractive quality , 2005 .

[16]  D. Larcker,et al.  Are nonfinancial measures leading indicators of financial performance? An analysis of customer satisfaction , 1998 .

[17]  N. Kano,et al.  Attractive Quality and Must-Be Quality , 1984 .

[18]  Detmar W. Straub,et al.  Coping With Systems Risk: Security Planning Models for Management Decision Making , 1998, MIS Q..

[19]  Joerg H. Mayer,et al.  Using the Kano Model to Identify Attractive User-Interface Software Components , 2012, ICIS.

[20]  E. Anderson,et al.  Dual Emphasis and the Long-Term Financial Impact of Customer Satisfaction , 2005 .

[21]  W AndersonEugene,et al.  Dual Emphasis and the Long-Term Financial Impact of Customer Satisfaction , 2005 .

[22]  R. Dholakia,et al.  A multi‐attribute model of web site interactivity and customer satisfaction , 2009 .

[23]  Jun Zhang,et al.  Security Patch Management: Share the Burden or Share the Damage? , 2008, Manag. Sci..

[24]  C Berger,et al.  KANO’S METHODS FOR UNDERSTANDING CUSTOMER-DEFINED QUALITY , 1993 .

[25]  G. Stoneburner,et al.  Risk Management Guide for Information Technology Systems: Recommendations of the National Institute of Standards and Technology , 2002 .

[26]  Izak Benbasat,et al.  Institutional pressures in security management: Direct and indirect influences on organizational investment in information security control resources , 2015, Inf. Manag..

[27]  Z. Rahman,et al.  Capturing the customer’s voice, the centerpiece of strategy making , 2004 .

[28]  Kurt Matzler,et al.  How to make product development projects more successful by integrating Kano's model of customer satisfaction into quality function deployment , 1998 .

[29]  Alexander Reppel,et al.  Internet community bonding:the case of macnews.de , 2004 .

[30]  Peter Buxmann,et al.  Cloud Computing Providers' Unrealistic Optimism regarding IT Security Risks: A Threat to Users? , 2013, ICIS.

[31]  Wayne D. Hoyer,et al.  Do Satisfied Customers Really Pay More? A Study of the Relationship between Customer Satisfaction and Willingness to Pay , 2005 .

[32]  E. Anderson Customer satisfaction and price tolerance , 1996 .

[33]  Kurt Matzler,et al.  THE KANO MODEL: HOW TO DELIGHT YOUR CUSTOMERS , 1996 .

[34]  R. Oliver A Cognitive Model of the Antecedents and Consequences of Satisfaction Decisions , 1980 .

[35]  Leslie P. Willcocks,et al.  A review of the IT outsourcing literature: Insights for practice , 2009, J. Strateg. Inf. Syst..

[36]  Simone Wannemaker Security And Usability Designing Secure Systems That People Can Use , 2016 .

[37]  Muataz Hazza Faizi Al Hazza,et al.  Review on the Theory Of Attractive Quality Kano Model , 2014 .

[38]  Kurt Matzler,et al.  Employee Satisfaction: Does Kano's Model Apply? , 2004 .