PACIS 2020 Proceedings


Due to a massive rise in information security incidents caused by employees, organizations need to employ security measures through which their workforce can learn from their colleagues' mistakes. Sharing personal experience with security incidents may work as such a means. Employees, however, often hesitate to share their failure stories with confrères and supervisors. By drawing on the social information processing (SIP) perspective, this paper investigates the impact of social context and social environment on the sharing of information security failure. The results of an investigation with 241 respondents indicate which type of leader will be successful in making employees feel safe enough to disclose their incident experience and why age effects should be considered. Our findings are of high relevance for both theory and practice, as understanding employees' sharing behavior of social engineering failures can help enhance information security awareness campaigns and to alter security practices, preventing the same mistakes from happening again.



When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.