CEOs’ information security behavior in SMEs: Does ownership matter?

Yves Barlette (), Katherine Gundolf and Annabelle Jaouen
Additional contact information
Yves Barlette: MRM - Montpellier Research in Management - UPVM - Université Paul-Valéry - Montpellier 3 - UPVD - Université de Perpignan Via Domitia - Groupe Sup de Co Montpellier (GSCM) - Montpellier Business School - UM - Université de Montpellier
Katherine Gundolf: MRM - Montpellier Research in Management - UPVM - Université Paul-Valéry - Montpellier 3 - UPVD - Université de Perpignan Via Domitia - Groupe Sup de Co Montpellier (GSCM) - Montpellier Business School - UM - Université de Montpellier
Annabelle Jaouen: MRM - Montpellier Research in Management - UPVM - Université Paul-Valéry - Montpellier 3 - UPVD - Université de Perpignan Via Domitia - Groupe Sup de Co Montpellier (GSCM) - Montpellier Business School - UM - Université de Montpellier

Post-Print from HAL

Abstract: Past research in the area of behavioral information security has mainly focused on large company employees. However, SMEs constitute a relevant field of study, as they represent more than 99 percent of European companies and are subject to rapidly increasing security threats. In addition, within SMEs, CEOs play a vital role in protecting their information through the actions they can initiate and the influence they have on their employees. We attempt to fill a gap in information security (ISS) research, as few studies have aimed to understand CEOs' behaviors related to the implementation of ISS. In addition, the literature shows that particularly in a small firm context, ownership influences CEOs' behavior. Even less research has addressed SMEs, specifically with regard to the impact of ownership on CEOs' ISS-related behaviors. This paper details an empirical study based on the protection motivation theory (PMT) to investigate the following research question: what factors explain SME CEOs' information security protective behavior? We conducted a questionnaire-based survey with 292 SME CEOs, and we analyzed the collected data using partial least squares (PLS). Because the academic literature shows that SME CEOs engage in specific behaviors, we tested the influence of the PMT on two subgroups: SME owners (n=183) and non-owners (n=109). Our results show very important and significant discrepanciesbetween the two subgroups. Our work is original because it constitutes the first study dedicated to the protective behaviors of SME CEOs; moreover, it distinguishes between owners and non-owners. Our major theoretical contribution corresponds to the identification and investigation of this differentiated population, which requires more in-depth studies. The main managerial implication of our work is that as the factors triggering owner and non-owner SME CEOs protective behaviors are almost in total contrast, any communication or action should be specifically tailored to each audience.

Keywords: Protection motivation theory; owner CEO; SME; behavior; information security (search for similar items in EconPapers)
Date: 2017
References: Add references at CitEc
Citations: View citations in EconPapers (2)

Published in Systèmes d'Information et Management, 2017, 22 (3), pp.7. ⟨10.3917/sim.173.0007⟩

There are no downloads for this item, see the EconPapers FAQ for hints about obtaining it.

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:hal:journl:hal-02000435

DOI: 10.3917/sim.173.0007

Access Statistics for this paper

More papers in Post-Print from HAL
Bibliographic data for series maintained by CCSD ().