 Designing an incentive mechanism for information security policy compliance: An experimentYuanxiang John Li and Elizabeth Hoffman Journal of Economic Behavior & Organization, 2023, vol. 212, issue C, 138-159 Abstract: Much information security research focuses on policies firms could adopt to reduce or eliminate employees’ violation behavior. However, current information security policies are based on increasingly outmoded models of compliance behavior. This paper proposes a novel behavioral-based mechanism that offers rewards and punishments to incentivize employees to take the time to protect a company's information assets. This new mechanism is grounded in insights from externality taxes and subsidies, as well as from behavioral economics, that specific incentives operationalized as monetary rewards and punishments effectively improve information security compliance. We also consider the importance of detection in implementing our mechanism. We conduct a set of laboratory experiments to study the impact of the rewards and punishments, as well as the importance of the probability of detection. Keywords: Information security policy; Mechanism design; Compliance; Reward; Punishment; Behavioral economics (search for similar items in EconPapers) Downloads: (external link) Related works: Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text Persistent link: https://EconPapers.repec.org/RePEc:eee:jeborg:v:212:y:2023:i:c:p:138-159 DOI: 10.1016/j.jebo.2023.05.033 Access Statistics for this article Journal of Economic Behavior & Organization is currently edited by Houser, D. and Puzzello, D. More articles in Journal of Economic Behavior & Organization from Elsevier |
Is your work missing from RePEc? Here is how to contribute.
Questions or problems? Check the EconPapers FAQ or send mail to .
EconPapers is hosted by the
School of Business at Örebro University.