Start Date

12-18-2013

Description

Despite providers’ constant promises of high IT security levels in the Cloud, various serious security incidents have taken place in the last years. By drawing on the psychological theory of ‘unrealistic optimism’ we add a new perspective to the stream of IT security research which allows us to shed light on the nature of providers’ IT security risk perceptions and their lack of motivation to invest in countermeasures. Based on a longitudinal mixed-methods study, we reveal that Cloud providers suffer from ‘unrealistic optimism’ and therefore significantly underestimate their services’ exposure to IT security risks, which in turn reduces the propensity to implement necessary IT security measures in the Cloud. We also found that providers’ overconfidence concerning their company’s control over IT security risks is a major factor to determine unrealistic optimism in the Cloud. We discuss implications for research and practice.

Share

COinS
 
Dec 18th, 12:00 AM

Cloud Computing Providers’ Unrealistic Optimism regarding IT Security Risks: A Threat to Users?

Despite providers’ constant promises of high IT security levels in the Cloud, various serious security incidents have taken place in the last years. By drawing on the psychological theory of ‘unrealistic optimism’ we add a new perspective to the stream of IT security research which allows us to shed light on the nature of providers’ IT security risk perceptions and their lack of motivation to invest in countermeasures. Based on a longitudinal mixed-methods study, we reveal that Cloud providers suffer from ‘unrealistic optimism’ and therefore significantly underestimate their services’ exposure to IT security risks, which in turn reduces the propensity to implement necessary IT security measures in the Cloud. We also found that providers’ overconfidence concerning their company’s control over IT security risks is a major factor to determine unrealistic optimism in the Cloud. We discuss implications for research and practice.