EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Deterrent effects of punishment and training on insider security threats: a field experiment on phishing attacks

Bora Kim, Do-Yeon Lee and Beomsoo Kim

Behaviour and Information Technology, 2020, vol. 39, issue 11, 1156-1175

Abstract: There is no doubt that organisational security threats are currently surging, internally and externally. In an effort to prevent internal threats – employee violations of information security policy (ISP) – security training programmes and sanction policies are implemented to a large extent in organisations. However, few studies have verified their practical effectiveness and the impact of individual characteristics within organisations. This study conducted a field experiment to examine the actual deterrent effect of those measures against phishing attacks. By fabricating fake phishing schemes through a simulation programme, the specific deterrent effect of punishment, the general deterrent effect of education, and employees’ organisational position were tested on their ISP compliance behaviour. Findings confirmed that punishment effectively prevented the punished from falling for phishing again and that the trained group fell for phishing much less often than the untrained group. In addition, the higher one’s organisational position, the more likely the person fell for phishing. Regardless of the treatment (i.e. training or punishment), this position effect stood out. The results of this study offer researchers and practitioners insightful information about effective deterrence measures and policies for organisational information security.

Date: 2020
References: Add references at CitEc
Citations: View citations in EconPapers (1)

Downloads: (external link)
http://hdl.handle.net/10.1080/0144929X.2019.1653992 (text/html)
Access to full text is restricted to subscribers.

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:taf:tbitxx:v:39:y:2020:i:11:p:1156-1175

Ordering information: This journal article can be ordered from
http://www.tandfonline.com/pricing/journal/tbit20

DOI: 10.1080/0144929X.2019.1653992

Access Statistics for this article

Behaviour and Information Technology is currently edited by Dr Panos P Markopoulos

More articles in Behaviour and Information Technology from Taylor & Francis Journals
Bibliographic data for series maintained by Chris Longhurst ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-20
Handle: RePEc:taf:tbitxx:v:39:y:2020:i:11:p:1156-1175