Cybersecurity end-user compliance: Password management versus update compliance

Pratim Datta; Oliver Krancher

doi:10.1016/j.im.2024.104060

Cybersecurity end-user compliance: Password management versus update compliance

Pratim Datta
, Oliver Krancher

Kent State University

Research output: Journal Article or Conference Article in Journal › Journal article › Research › peer-review

Abstract

In today's world, organizations rely on cybersecurity end-user compliance as an essential practical parameter. Yet cybersecurity compliance remains a challenge, and failures are commonplace. But why? In addressing this question, we argue that ISP compliance is neither too monolithic nor too granular a construct but needs respecification. We empirically investigate cybersecurity antecedents leading to (i) user protection-centric password management and (ii) system protection-centric update compliance dimensions. The results of our survey of 241 users show differentiating behavioral strands intertwined across different types of compliance, highlighting a unique interplay of attitudes, knowledge, and social factors as antecedents to password and update compliance.

Original language	English
Journal	Information & Management
Volume	61
Issue number	8
Pages (from-to)	1
Number of pages	16
ISSN	0378-7206
DOIs	https://doi.org/10.1016/j.im.2024.104060
Publication status	Published - 2024

Keywords

End-user compliance
Behavioral economics
Biases
Diligence
IT security knowledge
Social networking activity

Access to Document

10.1016/j.im.2024.104060Licence: CC BY

Datta and Krancher - cybersecurity end-user complianceFinal published version, 1.38 MBLicence: CC BY

Cite this

@article{1b02ae24136a4304913559a77deef0e4,

title = "Cybersecurity end-user compliance: Password management versus update compliance",

abstract = "In today's world, organizations rely on cybersecurity end-user compliance as an essential practical parameter. Yet cybersecurity compliance remains a challenge, and failures are commonplace. But why? In addressing this question, we argue that ISP compliance is neither too monolithic nor too granular a construct but needs respecification. We empirically investigate cybersecurity antecedents leading to (i) user protection-centric password management and (ii) system protection-centric update compliance dimensions. The results of our survey of 241 users show differentiating behavioral strands intertwined across different types of compliance, highlighting a unique interplay of attitudes, knowledge, and social factors as antecedents to password and update compliance.",

keywords = "End-user compliance, Behavioral economics, Biases, Diligence, IT security knowledge, Social networking activity",

author = "Pratim Datta and Oliver Krancher",

year = "2024",

doi = "10.1016/j.im.2024.104060",

language = "English",

volume = "61",

pages = "1",

journal = "Information \& Management",

issn = "0378-7206",

publisher = "Elsevier",

number = "8",

}

TY - JOUR

T1 - Cybersecurity end-user compliance: Password management versus update compliance

AU - Datta, Pratim

AU - Krancher, Oliver

PY - 2024

Y1 - 2024

N2 - In today's world, organizations rely on cybersecurity end-user compliance as an essential practical parameter. Yet cybersecurity compliance remains a challenge, and failures are commonplace. But why? In addressing this question, we argue that ISP compliance is neither too monolithic nor too granular a construct but needs respecification. We empirically investigate cybersecurity antecedents leading to (i) user protection-centric password management and (ii) system protection-centric update compliance dimensions. The results of our survey of 241 users show differentiating behavioral strands intertwined across different types of compliance, highlighting a unique interplay of attitudes, knowledge, and social factors as antecedents to password and update compliance.

AB - In today's world, organizations rely on cybersecurity end-user compliance as an essential practical parameter. Yet cybersecurity compliance remains a challenge, and failures are commonplace. But why? In addressing this question, we argue that ISP compliance is neither too monolithic nor too granular a construct but needs respecification. We empirically investigate cybersecurity antecedents leading to (i) user protection-centric password management and (ii) system protection-centric update compliance dimensions. The results of our survey of 241 users show differentiating behavioral strands intertwined across different types of compliance, highlighting a unique interplay of attitudes, knowledge, and social factors as antecedents to password and update compliance.

KW - End-user compliance

KW - Behavioral economics

KW - Biases

KW - Diligence

KW - IT security knowledge

KW - Social networking activity

U2 - 10.1016/j.im.2024.104060

DO - 10.1016/j.im.2024.104060

M3 - Journal article

SN - 0378-7206

VL - 61

SP - 1

JO - Information & Management

JF - Information & Management

IS - 8

ER -

Cybersecurity end-user compliance: Password management versus update compliance

Abstract

Keywords

Access to Document

Fingerprint

Cite this