Accéder directement au contenu Accéder directement à la navigation
Article dans une revue

CEOs’ information security behavior in SMEs: Does ownership matter?

Abstract : Past research in the area of behavioral information security has mainly focused on large company employees. However, SMEs constitute a relevant field of study, as they represent more than 99 percent of European companies and are subject to rapidly increasing security threats. In addition, within SMEs, CEOs play a vital role in protecting their information through the actions they can initiate and the influence they have on their employees. We attempt to fill a gap in information security (ISS) research, as few studies have aimed to understand CEOs’ behaviors related to the implementation of ISS. In addition, the literature shows that particularly in a small firm context, ownership influences CEOs’ behavior. Even less research has addressed SMEs, specifically with regard to the impact of ownership on CEOs’ ISS-related behaviors. This paper details an empirical study based on the protection motivation theory (PMT) to investigate the following research question: what factors explain SME CEOs’ information security protective behavior? We conducted a questionnaire-based survey with 292 SME CEOs, and we analyzed the collected data using partial least squares (PLS). Because the academic literature shows that SME CEOs engage in specific behaviors, we tested the influence of the PMT on two subgroups: SME owners (n=183) and non-owners (n=109). Our results show very important and significant discrepanciesbetween the two subgroups. Our work is original because it constitutes the first study dedicated to the protective behaviors of SME CEOs; moreover, it distinguishes between owners and non-owners. Our major theoretical contribution corresponds to the identification and investigation of this differentiated population, which requires more in-depth studies. The main managerial implication of our work is that as the factors triggering owner and non-owner SME CEOs protective behaviors are almost in total contrast, any communication or action should be specifically tailored to each audience.
Type de document :
Article dans une revue
Liste complète des métadonnées
Contributeur : Martin Donnat <>
Soumis le : mercredi 30 janvier 2019 - 15:46:12
Dernière modification le : vendredi 5 février 2021 - 10:10:08



Yves Barlette, Katherine Gundolf, Annabelle Jaouen. CEOs’ information security behavior in SMEs: Does ownership matter?. Systèmes d'Information et Management, Eska, 2017, 22 (3), pp.7. ⟨10.3917/sim.173.0007⟩. ⟨hal-02000435⟩



Consultations de la notice