Abstract
Background: In the current business landscape, cyberattacks pose a significant threat, resulting in substantial economic harm for companies. Therefore, every organization must safeguard its IT systems by implementing effective security measures. Although several assessment approaches exist to evaluate economic investment decisions by assessing and selecting economically feasible information security measures, these approaches are rarely used in practical settings. Instead, (chief) information security officers often rely on intuition when assessing security investments. Our study investigates the factors influencing the acceptance of economic assessment approaches for information security investments across different levels.
Method: We conduct a multiple-method study that combines several qualitative methods, including semi-structured interviews, a systematic literature review, and several moderated focus group sessions. Our research process comprises multiple cycles, allowing us to gather insights from academic research and real-world practices.
Results: We have established a comprehensive typology of acceptance factors across five dimensions, encompassing various aggregation levels. We have also discovered connections between the acceptance factors across the dimensions and their relevance to three specific levels: (1) the macro environment, (2) the competitive environment, and (3) the focal firm.
Conclusion: The study provides valuable insights into how companies make decisions about investing in information security. Overall, it contributes to the field of information systems research by identifying the factors that influence the acceptance of economic assessment approaches for making such decisions across different dimensions and levels. With our typology, we want to draw the attention of academia and practice to the fact that acceptance factors are essential control elements that can substantially influence the practical use of assessment approaches. In addition, this study reveals a need for further research, which we present in six important directions.
Recommended Citation
Bauer, Laura; Kuehnel, Stephan; Nastjuk, Ilja; and Sackmann, Stefan, "A Multiple-Method Study on Acceptance Factors of Economic Assessment Approaches for Information Security Investments" (2024). PAJAIS Preprints (Forthcoming). 27.
https://aisel.aisnet.org/pajais_preprints/27