Show simple item record

dc.contributor.authorJalali, Seyed Mohammad Javad
dc.contributor.authorBruckes, Maike
dc.contributor.authorWestmattelmann, Daniel
dc.contributor.authorSchewe, Gerhard
dc.date.accessioned2020-03-06T18:18:13Z
dc.date.available2020-03-06T18:18:13Z
dc.date.issued2019-02
dc.identifier.issn1556-5068
dc.identifier.urihttps://hdl.handle.net/1721.1/124018
dc.description.abstractEmployees are considered the weakest link in information security; their compliance with security policies has been a major area of research. However, employees click on phishing links even after receiving training. In this study, we explore the factors that influence information security policy compliance, using the theory of planned behavior (TPB) and integrating trust theories. We conduct a survey in hospitals to investigate the components of compliance intention and match employees’ survey results with their actual clicking data from organizational phishing campaigns. Our analysis (N = 430) revealed that TPB factors (attitude, subjective norms, and perceived behavioral control), as well as collective felt trust and trust in information security technology, have positive effects on compliance intention. However, surprisingly, compliance intention does not predict compliance behavior. Of the variables we tested, only the level of employees’ workload shows a significant relationship to their actual behavior. This study contributes to the information systems literature by understanding factors influencing compliance behavior. Also, unlike studies that assess behavior through a questionnaire, our method was able to measure observable compliance behavior using clicking data. Our findings can help organizations augment employees’ compliance with their cybersecurity policies and reduce the likelihood of clicking on phishing links. Keywords: Information security management; phishing emails; compliance; trust; theory of planned behavioren_US
dc.publisherElsevier BVen_US
dc.relation.isversionofhttp://dx.doi.org/10.2139/ssrn.3317498en_US
dc.rightsCreative Commons Attribution 4.0 International licenseen_US
dc.rights.urihttps://creativecommons.org/licenses/by/4.0/en_US
dc.sourceJournal of Medical Internet Researchen_US
dc.titleWhy Employees (Still) Click on Phishing Links: An Investigation in Hospitalsen_US
dc.typeArticleen_US
dc.identifier.citationJalali, Mohammad S. et al. "Why Employees (Still) Click on Phishing Links: an Investigation in Hospitals." (February 2019)en_US
dc.contributor.departmentSloan School of Managementen_US
dc.eprint.versionFinal published versionen_US
dc.type.urihttp://purl.org/eprint/type/JournalArticleen_US
eprint.statushttp://purl.org/eprint/status/PeerRevieweden_US
dspace.date.submission2020-03-05T13:48:33Z
mit.licensePUBLISHER_CC


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record