Abstract
In the rapidly evolving landscape of Information Security (InfoSec) technologies, integrating artificial intelligence (AI) with traditional security measures is becoming a dominant approach in cybersecurity (Jabbarova, 2023). This powerful combination is highly promising, driving a surge in the adoption of AI-enabled InfoSec as organizations seek to enhance cyber resilience and gain an advantage in the ongoing battle against internal and external security threats. The global market for AI-enabled security was valued at $20.19 billion in 2023 and is projected to grow fivefold to $102 billion by 2032 (Sharko et al., 2024). However, the hefty investment in AI-enabled InfoSec does not necessarily ensure effective and efficient deployment and use. The use of AI-enabled InfoSec in organizations has been associated with major concerns, to the extent that even key users, such as InfoSec experts, are apprehensive about it (Mahbooba et al., 2021). In this research, we aim to shed new light on the mechanisms underlying InfoSec experts’ compliance with AI-generated recommendations within organizations. Drawing on the protection motivation theory (PMT), the general security compliance literature suggests that perceived threat severity, perceived threat probability, perceived security-related self-efficacy, and perceived response efficacy in minimizing threats are positively associated with compliance. However, we argue that in this context, perceived security-related self-efficacy may reduce reliance on AI and even create a sense of rivalry between InfoSec experts and AI. Therefore, this form of self-efficacy may be negatively associated with compliance. Moreover, we propose that low transparency in AI decision-making algorithms can prevent an understanding of the rationale behind those recommendations and, as a result, undermine the perceived efficacy of AI-generated InfoSec recommendations.
Last but not least, we propose that two security issues, confidentiality and integrity, in AI-enabled InfoSec systems are negatively associated with the perceived efficacy of AI-generated InfoSec recommendations. In more detail, privacy concerns about such tools can lead to those systems being given only limited information or access to the organization’s IT. Consequently, recommendations from the AI will be viewed as insufficiently informed and less credible. In addition, AI is prone to integrity issues that lead it to provide false or biased recommendations, which, in turn, can decrease the perceived efficacy of AI recommendations. We will build on the components of this initial conceptual foundation to frame a mixed-methods approach that provides comprehensive, well-contextualized insights. First, we will scrape and analyze data from security-related subreddits to identify common themes and sentiments. Second, we will interview InfoSec experts at organizations to better understand compliance dynamics. Third, we will use the outcomes to propose a theoretical model and test it with survey data.
Recommended Citation
Falahati, Arman; Amo, Laura; and Gaia, Joana, "Compliance with AI-Generated InfoSec Recommendations" (2026). AMCIS 2026 TREOs. 177.
https://aisel.aisnet.org/treos_amcis2026/177