The impact of Information Security on User’s behavioural Intention in Online Social Media Business Models
Hemamali Tennakoon, Jean-Noel Ezingeard and Vladlena Benson, Faculty of Business and Law, Kingston University, email: k1014954@kingston.ac.uk
Abstract
The place of online social networking in business is no longer contested or seen as a
technological fad. Over the recent years, online social networking (SN) services have found
successful applications in many areas. For instance, social networks provided businesses with a
powerful tool for marketing and promotional purposes, as well as a platform for international trade
(Rauch, 2001). However, the issues of information security (IS) is preventing businesses from
gaining the full economic benefit of such applications (Smith et al., 2010; Campbell et al., 2003;
Cavusoglu et al., 2004). Since social media business models are a recent phenomenon, the
research into IS in such a context is limited. The purpose of this paper is to provide a brief outlook
of IS constructs from past literature and to discuss a research model that could be used in future
research.
Figure 1.
Background
Information is treated as a valuable asset in organizations and “ protection of this asset, through a
process of information security” (Thomson & Von Solms, 2004: p.1) is considered equally important.
The security of information is assured when it is available to legitimate users and when the
“confidentiality and integrity of information are not compromised in any way” (Kritzinger & Smith,
2008: p.2). It is also noted in literature that there are definitional ambiguities between the terms
‘privacy’ and ‘security’. In some cases these two terms have been used as a single concept while in
reality these are two separate, yet inter-related terms (Bergeron, 2000) .
Further systematic review of literature reveals that the presence or absence of IS could
considerably influence the behavioural intention of customers (McKnight et al., 2002; Parasuraman
& Zinkhan, 2002; Ranganathan & Ganapathy, 2002). Two main categories of online behaviour can
be observed in literature: online buying behaviour (Miyazaki & Fernandez, 2001; Chen & Barnes,
2007; McKnight et al., 2002; Parasuraman & Zinkhan, 2002; Ranganathan & Ganapathy, 2002) and
online information disclosure behaviour (Fogel & Nehmad, 2009; Hoffman et al., 1999). However,
significant issues such as privacy perceptions, trust, risk perception, national culture and individual
characteristics etc. (Brown & Muchira, 2004; Anderson & Agarwal, 2010; Cho, 2010; Jarvenpaa et
al., 2000; Fogel & Nehmad, 2009) are also identified in literature as influencing online user
behaviour. These will be referred to here after as ‘IS constructs’. It was noted that some of these
constructs could be further divided into second and third order constructs (e.g. Trust can be further
explained by the constructs ‘Trustworthiness’ and ‘Trustworthiness of the technological artefact
(Flavian & Guinaliu, 2006; Grazioli & Jarvenpaa, 2002; Chellappa, 2002; Jarvenpaa et al., 2000)).
Discussion
Literature on online IS comes predominantly from studies conducted in e-business environments
(e.g. Brown & Muchira ,2004; Kini & Choobineh 1998; Liu et al 2005; Corbitt et al., 2003; George,
2002; Vijayasarathy et al., 2000; Grabner-Kraeuter, 2002; Rose et al. 2010; Jarvenpaa et al.,
2000 etc.) and how IS constructs affect SN user’s online behaviour is not fully explored. For
instance, some findings indicate that trust is negatively related to risk perception and that national
culture act as a moderating variable (Jarvenpaa at al., 1999). Contrary to this finding, Teo and Liu
(2007) found a strong negative relationship between consumer trust and their risk
perception across countries. Recent incidents such as Sony PlayStation information security
breach (Minihane, 2011) and Facebook apps tracking and selling personal information (Hickins,
2012) affected individuals from across the globe and this calls for further research in IS and social
media business models. In order to do so, the researcher intends test a theoretical framework or
model developed based on previous research to logically develop and explain “the associations
among variables of interest to the research study” (Sekaran, 2003: p. 97). The model (figure 1)
that has been derived accordingly is further described below.
The systematic literature review reveals the following key constructs of IS.
• Information security (F1)- perceived security (F1C1) and Perceived security control (F11C1a)
• Informational privacy (F2)- perceived ability to control submitted information (F2C1), usage
of information (F2C2), Notice (F2C3), Perceived privacy (F2C4), Privacy protection behavior
(F2C5)
• Risk (F3)- Risk perception (F3C1), Risk propensity (F3C2)
• Trust (F4)- Trustworthiness (F4C1), Trustworthiness of the technological artefacts (F4C1a)
• Individual characteristics (F5)- Prior web experience (F5C1), User’s technical efficacy (F5C2)
• External environment (F7)- Legal environment (F7C1), Cultural environment (F7C2)
F3, F4 and F5 can be grouped as ‘individual factors’ because they have been recognised as
displaying characteristics that are more determined by individual perception and attitude (Joffe
(2003); Chang & Chen (2008); Liu et al. (2005); Miyazaki & Fernandez (2001); Vijayasarathy
(2004)). Due to the moderator effect shown by F7C2 (cultural environment) as previously
mentioned, F7C1 and F7C2 were distinctly shown, but grouped as ‘external environmental
factors’. F1 and F2 appear separately as ‘other factors’ since they did not seem to belong to
either of those two groups.
Originally these constructs were tested in the context of e-businesses (Barnes & Vidgen (2000);
Brown & Muchira (2004); Chen & Barnes (2007); Cheung & Lee (2003); Connolly &
Bannister (2006); Gefen et al (2003); Hoffman et al (1999) etc.), which makes it safe to identify
them as the key factors of e-business security. Therefore, collectively they are grouped under the
heading ‘e-business information security’.
As mentioned earlier, Behavioral intention (F6) is the key outcome variable identified and it
consists of two 1st order variables Purchase intention (F6C1) and Intention to disclose information
(F6C2).
Future Research
Use of social media, especially for business purposes, raises the questions of how security
concerns affect the information disclosure online, what information can be considered public and
what can be considered as private information . Bearing in mind current gaps in the literature, one
can raise the research question of how the information security affects social media business
users’ online behaviour. The above model is useful in answering this question. Further, it can be
used to explore ambiguities in the literature (e.g. distinction between security and privacy,
influence of national culture) in the social media context. This will allow researcher to better
understand the relationships between constructs, identify associations not identified
previously etc.
Bibliography
Bergeron, E. (2000) The Difference Between Security and Privacy. Joint Workshop on Mobile Web Privacy WAP Forum & World Wide Web
Consortium, 7-8 December 2000,Munich, Germany. [Online] http://www.w3.org/P3P/mobile-privacy-ws/papers/zks.html [Accessed: 23/03/2011]
Campbell, K., Gordon, L. A., Loeb, M. P., and Zhou, L. (2003) ‘The Economic Cost of Publicly Announced Information Security Breaches: Empirical
Evidence from the Stock Market,’ Journal of Computer Security, 11(3), pp. 431-448.
Cavusoglu, H., Mishra, B., and Raghunathan, S. (2004) ‘The Effect of Internet Security Breach Announcements on Market Value: Capital
Market Reactions for Breached Firms and Internet Security Developers’, International Journal of Electronic Commerce, 9 (1), pp. 69104.
Chen, Y. H. and Barnes, S. (2007) 'Initial trust and online buyer behaviour', Industrial Management & Data Systems, 107 (1), pp. 21-36.
Fogel, J. and Nehmad, E. (2009) ‘Internet social network communities: Risk taking, trust, and privacy concerns’, Computers in Human Behavior,
25, pp.153–160.
Hickins, M. (2012) The Morning Download: How Facebook Could Kill Your Business [Online] http://blogs.wsj.com/cio/2012/04/09/the-morningdownload-how-facebook-could-kill-your-business/
Hoffman, D. L., Novak, T. P. and Peralta, M. (1999) 'Building consumer trust online', Communications of the ACM, 42 (4), pp. 80-85.
Kritzinger, E. and Smith, E. (2008) ‘Information security management: An information security retrieval and awareness model for
industry’, Computer and Security, 7, pp.224-231
McKnight, D.H., Choudhury, V. and Kacmar, C. (2002) ‘Developing and validating trust measures for ecommerce: an integrative typology’,
Information Systems Research, 13(3),pp.334-359.
Minihane, J. (2011) New PlayStation security breach: 93,000 accounts hit [Online] http://www.t3.com/news/new-playstation-security-breach-93000accounts-hit
Miyazaki, A.D. and Fernandez, A. (2001) ‘Consumer perceptions of privacy and security risks for online shopping’, Journal of Consumer Affairs, 35
(1), pp. 27-44
Parasuraman, A. and Zinkhan, G.M. (2002) ‘Marketing to and serving customers through the Internet: an overview and research agenda’, Journal
of the Academy of Marketing Science, 30, pp. 286–295.
Ranganathan, C.
457-465.
and Ganapathy, S. (2002), ‘Key dimensions of business-to- consumer web sites’, Information & Management, 39 (6), pp.
Rauch, J. E. (2001) 'Business and social networks in international trade', Journal of Economic Literature, pp. 1177-1203.
Smith, S. Winchester, D. Bunker, D. and Jamieson, R. (2010) ‘Circuits Of Power: A Study Of Mandated Compliance To An Information Systems
Security De Jure Standard In A Government Organization’, MIS Quarterly, 34 (3), pp. 463-486.
Thomson, K. L. and von Solms, R. (2005) 'Information security obedience: a definition', Computers & Security, 24 (1), pp. 69-75.
Continued….
FACULTY OF BUSINESS AND LAW