Data Security and Cognition: How Executives Select Measures Is in Their Personality

In This Story

People Mentioned in This Story
Body

It is a truth universally acknowledged that a person in possession of any official, medical, or financial paperwork must be worried about potential data breaches. We live in an online time. Information is stored virtually. Just as old-time bank robbers could access vaults if they had the inclination, modern criminals can—if they have the right skills—access all that data online.

Nirup Menon
Nirup Menon

Information security is a critical part of every organization. However, it’s also expensive—a problem for executives deciding on funding allocation. Nirup Menon, professor and chair of information systems and operations management, along with coauthor Mikko Siponen, delved into the role personality plays in determining how executives react to information security costs. Their paper’s premise is simple: Security managers propose system security measures, and the executive makes a decision depending on a variety of factors, including cost, risk-benefit analysis, and—it turns out—the executive’s “preferred subordinate influence approach.” That is, the X factor in whether an executive adopts a proposal is in his or her cognition—whether they are emotional or rational.

In the paper, “Executives’ Commitment to Information Security: Interaction between the Preferred Subordinate Influence Approach and Proposal Characteristics,” Menon and Siponen note, “In information security, subordinates can frame a proposal positively (e.g., action increases protection) or negatively (e.g., inaction increases risk). The framing of information security proposals affects the motivation of the message recipient to exert effort in decision making.” In short, data security proposals should be customized to the receiver. It’s not only the message but the way the message is received that safeguards information.