How motivation shapes the sharing of information security incident experience

Abstract

Due to a massive rise in data breaches caused by negligent information systems users, organizations aim at deploying measures that help make people more aware of potential cybersecurity risks. One means to raise security awareness amongst coworkers is sharing information security incident experience. Yet, many employees refrain from speaking up. Organizations, therefore, must understand what motivates their workforce to open up and share experiences. Empirical results based on a survey with 385 respondents indicate that intrinsic motivators like strengthening the collaboration with coworkers enhance employees' sharing behavior. In contrast, extrinsic motivators such as monetary incentives or promotion opportunities do the opposite. Interestingly, outcome expectations differ significantly for gender. Our results are of high relevance for practitioners, as understanding employees' security incident experience sharing behavior can help to properly incentivize individuals to communicate their incident experience and mitigate the likelihood of future information security breaches.