Explaining the Development of Information Security Climate and an Information Security Support Network: A Longitudinal Social Network Analysis

Abstract

Behavioural information security (InfoSec) research has studied InfoSec at workplaces through the employees’ perceptions of InfoSec climate, which is determined by observable InfoSec practices performed by their colleagues and direct supervisors. Prior studies have identified the antecedents of a positive InfoSec climate, in particular socialisation through the employees’ discussions of InfoSec-related matters to explain the formation of InfoSec climate based on the employees’ individual cognition. We conceptualise six forms of socialisation as six networks, which comprise employees’ provisions of (1) work advice, (2) organisational updates, (3) personal advice, (4) trust for expertise, (5) InfoSec advice, and (6) InfoSec troubleshooting support. The adoption of a longitudinal social network analysis (SNA), called stochastic actor-oriented modelling (SAOM), enabled us to analyse the changes in the socialising patterns and the InfoSec climate perceptions over time. Consequently, this analysis explains the forming mechanisms of the employees’ InfoSec climate perceptions as well as their socialising process in greater detail. Our findings in relation to the forming mechanisms of InfoSec-related socialisation and InfoSec climate, provide practical recommendations to improve organisational InfoSec. This includes identifying influential employees to diffuse InfoSec knowledge within a workplace. Additionally, this research proposes a novel approach for InfoSec behavioural research through the adoption of SNA methods to study InfoSec-related phenomena.