Loading...

Media is loading
 

Paper Type

Complete

Paper Number

1313

Description

Overconfidence leads employees to take unnecessary risks. In information security, however, risk-taking is not an advantage, as it makes people susceptible to security breaches and misjudges their ability to detect potential threats. Employees overestimating their information security capabilities can result in incidents with severe financial consequences for a company. While prior research has proven that individuals’ overconfidence differs depending on their nationality, the cause and extent remain unclear and even contradictory. In this paper, we analyze the impact of national individualism on overconfidence to understand and reduce it in information security. Our large-scale survey determines overestimation, overprecision, and overplacement of 3,776 employees in an internationally operating company. Furthermore, we find different levels of overconfidence between Western European countries and the United States. Our findings will help companies to better target measures against information security overconfidence.

Comments

SIG SEC

Share

COinS
Top 25 Paper Badge
 
Aug 10th, 12:00 AM

Professional Environment Matters – National Characteristics of Information Security Overconfidence

Overconfidence leads employees to take unnecessary risks. In information security, however, risk-taking is not an advantage, as it makes people susceptible to security breaches and misjudges their ability to detect potential threats. Employees overestimating their information security capabilities can result in incidents with severe financial consequences for a company. While prior research has proven that individuals’ overconfidence differs depending on their nationality, the cause and extent remain unclear and even contradictory. In this paper, we analyze the impact of national individualism on overconfidence to understand and reduce it in information security. Our large-scale survey determines overestimation, overprecision, and overplacement of 3,776 employees in an internationally operating company. Furthermore, we find different levels of overconfidence between Western European countries and the United States. Our findings will help companies to better target measures against information security overconfidence.

When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.