Escalation of commitment and information security: theories and implications
Abstract
Purpose
This study aims to explore the challenges that the escalation of commitment poses to information security.
Design/methodology/approach
Two distinct scenarios of escalation behavior are presented based on literature review. Psychological, organizational and economic theories on escalation of commitment are reviewed and applied to the area of information security.
Findings
Escalation of commitment involves continuation of a course of action after receiving negative information about it. In the information security compliance context, escalation affects a firm when an employee decides to break the firm’s information security policy to complete a failing task. In the information security investment context, escalation occurs if a manager continues investment in policies and solutions that are ineffective because of psychological, organizational or economic factors. Both of these types of escalation may be prevented with de-escalation techniques including a change in management or rotation of duties, monitoring, auditing and governance mechanisms.
Practical implications
Implications of escalation of commitment behavior for information security decision-makers and for future research are discussed.
Originality/value
This study complements the literature by establishing the context of escalation of commitment in decisions related to information security and reviewing managerial and economic theories on escalation of commitment.
Keywords
Citation
Chulkov, D.V. (2017), "Escalation of commitment and information security: theories and implications", Information and Computer Security, Vol. 25 No. 5, pp. 580-592. https://doi.org/10.1108/ICS-02-2016-0015
Publisher
Emerald Publishing Limited
Copyright © 2017, Emerald Publishing Limited