Shouldering the Shield: The Vital Role of Internalized Responsibility in Managing Organizational Cybersecurity
Volume 6 - Issue 4, April 2023 Edition
[Download Full Paper]
Author(s)
Kosay Tabaja
Keywords
accountability, cybersecurity, culture of accountability, cyber threats, cybersecurity strategy, digital assets.
Abstract
In today's digital age, cybersecurity has become a top priority for organizations. While many companies invest in the latest security technologies and protocols, they often overlook the importance of internalized responsibility in managing cyber threats. This article explores the vital role that internalized responsibility plays in safeguarding an organization's sensitive information and assets from cyber-attacks. By examining case studies and industry best practices, we showcase how a culture of accountability can foster better cybersecurity hygiene among employees at all levels of an organization. From senior leadership to entry-level staff, everyone must shoulder the shield and take ownership of their role in protecting their company's digital assets. Ultimately, this article argues that internalized responsibility is a critical component of any comprehensive cybersecurity strategy and should be given equal attention alongside technological solutions.
References
[1] Acuna, D., Suliman, R., & Elmesmari, N. (2021). A Practitioner Methodology for Mitigating Electronic Data Risk Associated with Human Error. Journal of the Midwest Association for Information Systems, Vol.2021(2), Article 2.
[2] Ani, U. D., He, H., & Tiwari, A. (2019). Human factor security: evaluating the cybersecurity capacity of the industrial workforce. Journal of Systems and Information Technology, 21(1), 2-35.
[3] Balozian, P., & Leidner, D. (2017). Review of IS Security Policy Compliance: Toward the Building Blocks of an IS Security Theory. ACM SIGMIS Database: The DATABASE for Advances in Information Systems, 48(3), 11–43.
[4] Bandura, A. (1977). Self-efficacy: Toward a unifying theory of behavioral change. Psychological Review, 84(2), 191–215.
[5] Barker, G., & Barker, P. (2019). Developing Cybersecurity Culture: The Role Of Cultural Values In Organizational Cybersecurity Compliance And Risk Management. Computers & Security ,Vol.82, 165-175.
[6] Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness. MIS Quarterly, 34(3), 523-548.
[7] Chen, Y., & et al. (2021). Understanding Inconsistent Employee Compliance with Information Security Policies Through the Lens of the Extended Parallel Process Model. Information Systems Research, 32(3), 1043–1065.
[8] Corradini, I., & Nardelli, E. (2018). Building Organizational Risk Culture in Cyber Security: The Role of Human Factors. International Conference on Applied Human Factors and Ergonomics, , 193–202.
[9] Craigen, D., Diakun-Thibault, N., & Purse, R. (2014). Defining Cybersecurity. Technology Innovation Management Review, 4(10), 13–21.
[10] Culnan, M. J., Foxman, E. R., & Ray, A. W. (2008). Why IT executives should help employees secure their home computers. MIS Quarterly Executive, 7(1), Article 6.
[11] D´Arcy, J., Hovav, A., & Galletta, D. (2009). User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach. . Information Systems Research, 20(1), 79-98.
[12] de Bruijn, H., & Janssen, M. (2017). Building Cybersecurity Awareness: The need for evidence-based framing strategies. Government Information Quarterly, 34(1), 1-7.
[13] Dinev, T., & Hu, Q. (2007). The Centrality of Awareness in the Formation of User Behavioral Intention toward Protective Information Technologies. Journal of the Association for Information Systems, 8(7), 386–408.
[14] Eisenhardt, K. M. (1989). Building Theories from Case Study Research. Academy of Management Review, 14(4), 532–550.
[15] Filipczuk, D., Mason, C., & Snow, S. (2019). Using a Game to Explore Notions of Responsibility for Cyber Security in Organizations. CHI Conference on Human Factors in Computing Systems, , 1-6.
[16] Gallagher, R., Jones-Wilson, T., & Smith, B. (2018). Cybersecurity: Best Practices And Standards For Small Businesses. Journal Of Business & Economics Research , Vol.16(3), 109-118.
[17] Gioia, D. A., Corley, K. G., & Hamilton, A. (2013). Seeking qualitative rigor in inductive research: Notes on the Gioia Methodology. Organizational Research Methods, 16(1), 15–31.
[18] Glaser, B. G. (2002). Conceptualization: On Theory and Theorizing Using Grounded Theory. . International Journal of Qualitative Methods, 1(2), 23–38.
[19] Gupta, A., & Hammond, J. (2019). From Data Breaches To Disasters: Understanding The Importance Of Corporate Accountability For Cybersecurity . Journal Of Business Ethics , Vol.160(2), 399-412.
[20] Herath, T., & Rao, H. (2009). Protection motivation and deterrence: a framework for security policy compliance in organisations. . European Journal of Information Systems, 18(2), 106–125.
[21] Hobson, S., & van Schaik, S. (2017). Internalized responsibility: What is it? . Journal of Applied Psychology Research, 5(1), 24–29.
[22] IBM Security, & Institute, P. (2021). Cost Of A Data Breach Report . Retrieved from www.ibm.com: https://www.ibm.com/security/data-breach
[23] Jenkins, J., & al., e. (2021). Mitigating the Security Intention-Behavior Gap: The Moderating Role of Required Effort on the Intention-Behavior Relationship. Journal of the Association for Information Systems, 22(1), 246–272.
[24] Lambert, C., Lecky?Thompson, L., Marrington?Reece, J., & Carswell, J. (2018). The role of internalized responsibility in cyber security threats: A qualitative study. International Journal of Information Management, 38(6), 772–783.
[25] LaRose, B. R., Rifon, N. J., & Enbody, R. (2008). Promoting personal responsibility for internet safety. . Communications of the ACM, 51(3), 71–76.
[26] Macabante, C., Wei, S., & Schuster, D. (2019). Elements of Cyber-Cognitive Situation Awareness in Organizations. Proceedings of the Human Factors and Ergonomics Society Annual Meeting, 1624–1628.
[27] National Institute Of Standards And Technology [NIST]. (2017). Framework For Improving Critical Infrastructure Cybersecurity Version 1.1.
[28] Pahnila, S., Siponen, M., & Mahmood, A. (2007). Employees’ behavior towards IS security policy compliance. Proceedings of the 40th Annual Hawaii International Conference on System Sciences (HICCS’07), 156–166.
[29] Siponen, M. T. (2000). A conceptual foundation for organizational information security awareness. Information Management & Computer Security, 8(1), 31-41.
[30] Spears, J. L., & Barki, H. (2010). User Participation in Information Systems Security Risk Management. MIS Quarterly, 34(3), 503–522.
[31] Strauss, A., & Corbin, J. (1990). Basics of grounded theory methods. Sage.
[32] Von Skarczinski, B. S., Dreissigacker, A., & Teuteberg, F. (2022). More Security, less Harm? Exploring the Link between Security Measures and Direct Costs of Cyber Incidents within Firms using PLS-PM. Wirtschaftsinformatik 2022 Proceedings.
[33] Workman, M., Bommer, W. H., & Straub, D. (2008). Security lapses and the omission of information security measures: A threat control model and empirical test. Computers in Human Behavior, 24(6), 2799–2816.
[34] http://www.ccs.neu.edu/home/pb/mud-history.html. 1986. (URL link *include year)
[35] H. Goto, Y. Hasegawa, and M. Tanaka, “Efficient Scheduling Focusing on the Duality of MPL Representation,” Proc. IEEE Symp. Computational Intelligence in Scheduling (SCIS ’07), pp. 57-64, Apr. 2007, doi:10.1109/SCIS.2007.367670. (Conference proceedings)