Security breaches have increasingly become a major threat to organizations. Nevertheless, according to recent reports, many organizations do not plan to increase spending on information security. In fact, little is known about an organization’s motivation to invest in information security. This paper uses the Technology Acceptance Model as a basis for studying factors that might motivate organizations to invest (or not to invest) in information security. It proposes that perceived usefulness and ease of use of information security influence such investment decisions. It further proposes that seven other variables influence perceived usefulness and ease of use. They are: external environment, prior information security experiences, perceived risks of not securing information, information security budget, security planning, confidence in information security, and security awareness and training. The research proposes a model of information security investment. A Delphi study and a mail survey will be used to test it.
Johnson, Alice M., "The Technology Acceptance Model and the Decision to Invest in Information Security " (2005). SAIS 2005 Proceedings. 21.