
Designing an incentive mechanism for information security policy compliance: An experiment

Author

Listed:
  • Li, Yuanxiang John
  • Hoffman, Elizabeth

Abstract

Much information security research focuses on policies firms could adopt to reduce or eliminate employees’ violation behavior. However, current information security policies are based on increasingly outmoded models of compliance behavior. This paper proposes a novel behavioral-based mechanism that offers rewards and punishments to incentivize employees to take the time to protect a company's information assets. This new mechanism is grounded in insights from externality taxes and subsidies, as well as from behavioral economics, that specific incentives operationalized as monetary rewards and punishments effectively improve information security compliance. We also consider the importance of detection in implementing our mechanism. We conduct a set of laboratory experiments to study the impact of the rewards and punishments, as well as the importance of the probability of detection.

Suggested Citation

  • Li, Yuanxiang John & Hoffman, Elizabeth, 2023. "Designing an incentive mechanism for information security policy compliance: An experiment," Journal of Economic Behavior & Organization, Elsevier, vol. 212(C), pages 138-159.
  • Handle: RePEc:eee:jeborg:v:212:y:2023:i:c:p:138-159
    DOI: 10.1016/j.jebo.2023.05.033

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S0167268123001865
    Download Restriction: Full text for ScienceDirect subscribers only



    Citations



    Cited by:

    1. Maurizio Cavallari, 2023. "Organizational Determinants and Compliance Behavior to Shape Information Security Plan," Academic Journal of Interdisciplinary Studies, Richtmann Publishing Ltd, vol. 12, November.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Bodo Sturm & Joachim Weimann, 2006. "Experiments in Environmental Economics and Some Close Relatives," Journal of Economic Surveys, Wiley Blackwell, vol. 20(3), pages 419-457, July.
    2. Yan Chen & Peter Cramton & John A. List & Axel Ockenfels, 2021. "Market Design, Human Behavior, and Management," Management Science, INFORMS, vol. 67(9), pages 5317-5348, September.
    3. Hans‐Theo Normann & Roberto Ricciuti, 2009. "Laboratory Experiments For Economic Policy Making," Journal of Economic Surveys, Wiley Blackwell, vol. 23(3), pages 407-432, July.
    4. Ortmann, Andreas, 2003. "Charles R. Plott's collected papers on the experimental foundations of economic and political science," Journal of Economic Psychology, Elsevier, vol. 24(4), pages 555-575, August.
    5. Dickinson, David L. & Masclet, David & Villeval, Marie Claire, 2015. "Norm enforcement in social dilemmas: An experiment with police commissioners," Journal of Public Economics, Elsevier, vol. 126(C), pages 74-85.
    6. Ledyard, John O., "undated". "Public Goods: A Survey of Experimental Research," Working Papers 861, California Institute of Technology, Division of the Humanities and Social Sciences.
    7. Croson, Rachel & Gächter, Simon, 2010. "The science of experimental economics," Journal of Economic Behavior & Organization, Elsevier, vol. 73(1), pages 122-131, January.
    8. Noussair, C.N. & van Soest, D.P., 2014. "Economic Experiments and Environmental Policy : A Review," Other publications TiSEM 5ccc4032-fc1e-453c-9a96-a, Tilburg University, School of Economics and Management.
    9. Murnighan, J. Keith & Wang, Long, 2016. "The social world as an experimental game," Organizational Behavior and Human Decision Processes, Elsevier, vol. 136(C), pages 80-94.
    10. Scott Duke Kominers & Alexander Teytelboym & Vincent P Crawford, 2017. "An invitation to market design," Oxford Review of Economic Policy, Oxford University Press and Oxford Review of Economic Policy Limited, vol. 33(4), pages 541-571.
    11. Gächter, Simon & Herrmann, Benedikt, 2011. "The limits of self-governance when cooperators get punished: Experimental evidence from urban and rural Russia," European Economic Review, Elsevier, vol. 55(2), pages 193-210, February.
    12. Matteo M. Galizzi & Daniel Navarro-Martinez, 2019. "On the External Validity of Social Preference Games: A Systematic Lab-Field Study," Management Science, INFORMS, vol. 65(3), pages 976-1002, March.
    13. Gangadharan, Lata & Nikiforakis, Nikos & Villeval, Marie Claire, 2017. "Normative conflict and the limits of self-governance in heterogeneous populations," European Economic Review, Elsevier, vol. 100(C), pages 143-156.
    14. Xiang Wei & Peng Xu & Shuiting Du & Guanghui Yan & Huayan Pei, 2021. "Reputational preference-based payoff punishment promotes cooperation in spatial social dilemmas," The European Physical Journal B: Condensed Matter and Complex Systems, Springer;EDP Sciences, vol. 94(10), pages 1-7, October.
    15. James Fiet & Pankaj Patel, 2008. "Entrepreneurial Discovery as Constrained, Sytematic Search," Small Business Economics, Springer, vol. 30(3), pages 215-229, March.
    16. Brosig, Jeannette, 2006. "Communication channels and induced behavior," MPRA Paper 14035, University Library of Munich, Germany.
    17. Yan Chen & Dennis F. Galletta & Paul Benjamin Lowry & Xin (Robert) Luo & Gregory D. Moody & Robert Willison, 2021. "Understanding Inconsistent Employee Compliance with Information Security Policies Through the Lens of the Extended Parallel Process Model," Information Systems Research, INFORMS, vol. 32(3), pages 1043-1065, September.
    18. Suresh P. Sethi & Sushil Gupta & Vipin K. Agrawal & Vijay K. Agrawal, 2022. "Nobel laureates’ contributions to and impacts on operations management," Production and Operations Management, Production and Operations Management Society, vol. 31(12), pages 4283-4303, December.
    19. Ligon, Ethan & Schechter, Laura, 2012. "Motives for sharing in social networks," Journal of Development Economics, Elsevier, vol. 99(1), pages 13-26.
    20. Karakostas, Alexandros & Kocher, Martin & Matzat, Dominik & Rau, Holger A. & Riewe, Gerhard, 2021. "The team allocator game: Allocation power in public goods games," University of Göttingen Working Papers in Economics 419, University of Goettingen, Department of Economics.
