Organizational Adoption of Information Security Solutions: An Integrative Lens Based on Innovation Adoption and the Technology-Organization-Environment Framework

Abstract

Information systems literature has cast organizational information security practices as a form of innovation. Using the notions of innovation adoption and diffusion of innovations, this paper develops an integrative model grounded in two theoretical perspectives- diffusion of innovation theory and the technologyorganization- environment framework-to examine the adoption of information security solutions (ISS) in organizations. We specify four innovation characteristics that are specific to ISS (compatibility, complexity, costs, and perceived gain), two organizational factors (organizational readiness and top management support), and two environmental factors (external pressure and visibility) as influential toward ISS adoption. We tested our model using data collected through a survey of 368 information systems managers in North American organizations. Our findings are insightful and have important theoretical and practical implications. Overall, the results suggest that organizational and environmental factors contribute to the extent of ISS adoption above and beyond characteristics of ISS themselves. The results are consistent across two measures of ISS adoption- perceived and (self-reported) actual-thereby supporting the robustness of our findings.