Data not found

Does reputational sanctions deter negligence in information security management? A field quasi-experiment

Country : Singapore
Department : Singapore Management University
Project Title : Does reputational sanctions deter negligence in information security management? A field quasi-experiment
Researcher : TANG, Qian , WHINSTON, Andrew B.
Keyword : Information Security , spam , Computer Sciences , reputational sanction , information security , Field quasi-experiment
Publisher : Institutional Knowledge at Singapore Management University
Year End : 2020
Identifier : https://ink.library.smu.edu.sg/sis_research/4864 , https://ink.library.smu.edu.sg/cgi/viewcontent.cgi?article=5867&context=sis_research
Source : Research Collection School Of Computing and Information Systems
Abstract / Description :

Security negligence, a major cause of data breaches, occurs when an organization’s information technology management fails to adequately address security vulnerabilities. By conducting a field quasi-experiment using outgoing spam as a focal security issue, this study investigates the effectiveness of reputational sanctions in reducing security negligence in a global context. In the quasi-experiment, a reputational sanction mechanism based on outgoing spam was established for four countries, and for each country, reputational sanctions were imposed on the 10 organizations with the largest outgoing spam volumes—that is, these organizations were listed publicly. We find that because of our reputational sanction mechanism, organizations in the four countries, including those that were not listed, reduced outgoing spam significantly compared to those in similar countries. Within each country, the listed organizations, whose reputations were actually sanctioned, reduced spam to a greater extent than those that were not listed. The spam reduction in the not-listed organizations is mainly driven by increased security awareness, while the reduction in the listed organizations is primarily due to reputation effect. Among the listed organizations, those ranked lower were more responsive to the reputational sanctions. Moreover, we find that reputational sanctions have a stronger effect on large organizations and important organizations that provide network access and transit to others.

References

TANG, Qian,WHINSTON, Andrew B.. (2020). Does reputational sanctions deter negligence in information security management? A field quasi-experiment.  Singapore: Singapore Management University.
TANG, Qian,WHINSTON, Andrew B.. 2020. "Does reputational sanctions deter negligence in information security management? A field quasi-experiment".  Singapore: Singapore Management University.
TANG, Qian,WHINSTON, Andrew B.. "Does reputational sanctions deter negligence in information security management? A field quasi-experiment."  Singapore: Singapore Management University, 2020. Print.
TANG, Qian,WHINSTON, Andrew B.. Does reputational sanctions deter negligence in information security management? A field quasi-experiment. Singapore: Singapore Management University; 2020.

Export

Share