Exploring Contrasting Effects of Trust in Organizational Security Practices and Protective Structures on Employees’ Security-Related Precaution Taking
研究员工对组织信息安全实践的信任如何促进安全预防行为,同时揭示对保护结构的信任可能引发自满情绪、削弱预防意愿,为管理者平衡信任的双刃剑效应提供参考。
Encouraging employees to take security precautions is a vital strategy that organizations can use to reduce their vulnerability to information security (ISec) threats. This study investigates how the bright- and dark-side effects of trust in organizational information security impact employees’ intention to take security precautions. Employees who trust organizational security practices are more committed to protecting the organization and are more willing to take security precautions. To foster trust in organizational security practices and security commitment, ISec managers should establish a trusting security climate to ensure that employees can speak freely about the security problems they face in their work and receive support to resolve those problems if needed. This study also alerts managers to the potential adverse consequences of employees’ trust in the organization’s protective structures. We find that employees’ trust in the organization’s protective structures can backfire, making employees complacent regarding security. Further analyses indicate that security mindfulness mediates the influence of security complacency and security commitment on precaution taking. This study contributes by exploring and verifying the bright- and dark-side effects of trust in organizational ISec.