Theorising on risk homeostasis in the context of information security behaviour
Abstract
Purpose
The purpose of this paper is to discuss and theorise on the appropriateness and potential impact of risk homeostasis in the context of information security.
Design/methodology/approach
The discussion is mainly based on a literature survey backed up by illustrative empirical examples.
Findings
Risk homeostasis in the context of information security is an under-explored topic. The principles, assumptions and methodology of a risk homeostasis framework offer new insights and knowledge to explain and predict contradictory human behaviour in information security.
Practical implications
The paper shows that explanations for contradictory human behaviour (e.g. the privacy paradox) would gain from considering risk homeostasis as an information security risk management model. The ideas discussed open up the prospect to theorise on risk homeostasis as a framework in information security and should form a basis for further research and practical implementations. On a more practical level, it offers decision makers useful information and new insights that could be advantageous in a strategic security planning process.
Originality/value
This is the first systematic, comprehensive review of risk homeostasis in the context of information security behaviour, and readers of the paper will find new theories, guidelines and insights on risk homeostasis.
Citation
Kearney, W.D. and Kruger, H.A. (2016), "Theorising on risk homeostasis in the context of information security behaviour", Information and Computer Security, Vol. 24 No. 5, pp. 496-513. https://doi.org/10.1108/ICS-04-2016-0029
Publisher
Emerald Group Publishing Limited
Copyright © 2016, Emerald Group Publishing Limited