Information system security commitment: a study of external influences on senior management

This paper investigated how senior management is motivated to commit to information system (IS) security. Research shows senior management participation is critical to successful IS security, but has not explained how senior managers are motivated to participate in IS security. Information systems research shows pressures external to the organization have greater influence on senior managers than internal pressures. However, research has not fully examined how external pressures motivate senior management participation in IS security. This study addressed that gap by examining how external pressures motivate senior management participation in ISS through the lens of neo-institutional theory. The research design was survey research. Data collection was through an online survey, and PLS was used for data analysis. Sample size was 167 from a study population of small- and medium-sized enterprises (SMEs) in a mix of industries in the south-central United States. Results supported three of six hypotheses. Mimetic mechanisms were found to influence senior management belief in IS security, and senior management belief in IS security was found to increase senior management participation in IS security. Greater senior management participation in IS security led to greater IS security assimilation in organizations. Three hypotheses were not supported. Correlation was not found between normative influences and senior management belief, normative influences and senior management participation, and coercive influences and senior management participation. This study shows IS security-related mimetic influences have greater impact on senior leaders of SMEs than coercive or normative influences, which may be explained by the absorptive capacity of SMEs. Absorptive capacity refers to the ability of an organization to assimilate a technology. However, absorptive capacity may affect more than just technology assimilation, and may extend to how senior management responds to external influences