FACULTY OF BUSINESS AND LAW

The impact of Information Security on User’s behavioural Intention in Online Social Media Business Models

Hemamali Tennakoon, Jean-Noel Ezingeard and Vladlena Benson, Faculty of Business and Law, Kingston University, email: k1014954@kingston.ac.uk

AbstractThe place of online social networking in business is no longer contested or seen as a technological fad. Over the recent years, online social networking (SN) services have found successful applications in many areas. For instance, social networks provided businesses with a powerful tool for marketing and promotional purposes, as well as a platform for international trade (Rauch, 2001). However, the issues of information security (IS) is preventing businesses from gaining the full economic benefit of such applications (Smith et al., 2010; Campbell et al., 2003; Cavusoglu et al., 2004). Since social media business models are a recent phenomenon, the research into IS in such a context is limited. The purpose of this paper is to provide a brief outlook of IS constructs from past literature and to discuss a research model that could be used in future research.

BackgroundInformation is treated as a valuable asset in organizations and “ protection of this asset, through a process of information security” (Thomson & Von Solms, 2004: p.1) is considered equally important. The security of information is assured when it is available to legitimate users and when the “confidentiality and integrity of information are not compromised in any way” (Kritzinger & Smith, 2008: p.2). It is also noted in literature that there are definitional ambiguities between the terms ‘privacy’ and ‘security’. In some cases these two terms have been used as a single concept while in reality these are two separate, yet inter-related terms (Bergeron, 2000) .

Further systematic review of literature reveals that the presence or absence of IS could considerably influence the behavioural intention of customers (McKnight et al., 2002; Parasuraman & Zinkhan, 2002; Ranganathan & Ganapathy, 2002). Two main categories of online behaviour can be observed in literature: online buying behaviour (Miyazaki & Fernandez, 2001; Chen & Barnes, 2007; McKnight et al., 2002; Parasuraman & Zinkhan, 2002; Ranganathan & Ganapathy, 2002) and online information disclosure behaviour (Fogel & Nehmad, 2009; Hoffman et al., 1999). However, significant issues such as privacy perceptions, trust, risk perception, national culture and individual characteristics etc. (Brown & Muchira, 2004; Anderson & Agarwal, 2010; Cho, 2010; Jarvenpaa et al., 2000; Fogel & Nehmad, 2009) are also identified in literature as influencing online user behaviour. These will be referred to here after as ‘IS constructs’. It was noted that some of these constructs could be further divided into second and third order constructs (e.g. Trust can be further explained by the constructs ‘Trustworthiness’ and ‘Trustworthiness of the technological artefact (Flavian & Guinaliu, 2006; Grazioli & Jarvenpaa, 2002; Chellappa, 2002; Jarvenpaa et al., 2000)).

Figure 1.

Future ResearchUse of social media, especially for business purposes, raises the questions of how security concerns affect the information disclosure online, what information can be considered public and what can be considered as private information . Bearing in mind current gaps in the literature, one can raise the research question of how the information security affects social media business users’ online behaviour. The above model is useful in answering this question. Further, it can be used to explore ambiguities in the literature (e.g. distinction between security and privacy, influence of national culture) in the social media context. This will allow researcher to better understand the relationships between constructs, identify associations not identified previously etc.

BibliographyBergeron, E. (2000) The Difference Between Security and Privacy. Joint Workshop on Mobile Web Privacy WAP Forum & World Wide Web Consortium, 7-8 December 2000,Munich, Germany. [Online] http://www.w3.org/P3P/mobile-privacy-ws/papers/zks.html [Accessed: 23/03/2011]

Campbell, K., Gordon, L. A., Loeb, M. P., and Zhou, L. (2003) ‘The Economic Cost of Publicly Announced Information Security Breaches: Empirical Evidence from the Stock Market,’ Journal of Computer Security, 11(3), pp. 431-448.

Cavusoglu, H., Mishra, B., and Raghunathan, S. (2004) ‘The Effect of Internet Security Breach Announcements on Market Value: Capital Market Reactions for Breached Firms and Internet Security Developers’, International Journal of Electronic Commerce, 9 (1), pp. 69-104.

Chen, Y. H. and Barnes, S. (2007) 'Initial trust and online buyer behaviour', Industrial Management & Data Systems, 107 (1), pp. 21-36.

Fogel, J. and Nehmad, E. (2009) ‘Internet social network communities: Risk taking, trust, and privacy concerns’, Computers in Human Behavior, 25, pp.153–160.

Hickins, M. (2012) The Morning Download: How Facebook Could Kill Your Business [Online] http://blogs.wsj.com/cio/2012/04/09/the-morning-download-how-facebook-could-kill-your-business/

Hoffman, D. L., Novak, T. P. and Peralta, M. (1999) 'Building consumer trust online', Communications of the ACM, 42 (4), pp. 80-85.

Kritzinger, E. and Smith, E. (2008) ‘Information security management: An information security retrieval and awareness model for industry’, Computer and Security, 7, pp.224-231

McKnight, D.H., Choudhury, V. and Kacmar, C. (2002) ‘Developing and validating trust measures for ecommerce: an integrative typology’, Information Systems Research, 13(3),pp.334-359.

Minihane, J. (2011) New PlayStation security breach: 93,000 accounts hit [Online] http://www.t3.com/news/new-playstation-security-breach-93000-accounts-hit

Miyazaki, A.D. and Fernandez, A. (2001) ‘Consumer perceptions of privacy and security risks for online shopping’, Journal of Consumer Affairs, 35 (1), pp. 27-44

Parasuraman, A. and Zinkhan, G.M. (2002) ‘Marketing to and serving customers through the Internet: an overview and research agenda’, Journal of the Academy of Marketing Science, 30, pp. 286–295.

Ranganathan, C. and Ganapathy, S. (2002), ‘Key dimensions of business-to- consumer web sites’, Information & Management, 39 (6), pp. 457-465.

Rauch, J. E. (2001) 'Business and social networks in international trade', Journal of Economic Literature, pp. 1177-1203.

Smith, S. Winchester, D. Bunker, D. and Jamieson, R. (2010) ‘Circuits Of Power: A Study Of Mandated Compliance To An Information Systems Security De Jure Standard In A Government Organization’, MIS Quarterly, 34 (3), pp. 463-486.

Thomson, K. L. and von Solms, R. (2005) 'Information security obedience: a definition', Computers & Security, 24 (1), pp. 69-75.

Continued….

DiscussionLiterature on online IS comes predominantly from studies conducted in e-business environments (e.g. Brown & Muchira ,2004; Kini & Choobineh 1998; Liu et al 2005; Corbitt et al., 2003; George, 2002; Vijayasarathy et al., 2000; Grabner-Kraeuter, 2002; Rose et al. 2010; Jarvenpaa et al., 2000 etc.) and how IS constructs affect SN user’s online behaviour is not fully explored. For instance, some findings indicate that trust is negatively related to risk perception and that national culture act as a moderating variable (Jarvenpaa at al., 1999). Contrary to this finding, Teo and Liu (2007) found a strong negative relationship between consumer trust and their risk perception across countries. Recent incidents such as Sony PlayStation information security breach (Minihane, 2011) and Facebook apps tracking and selling personal information (Hickins, 2012) affected individuals from across the globe and this calls for further research in IS and social media business models. In order to do so, the researcher intends test a theoretical framework or model developed based on previous research to logically develop and explain “the associations among variables of interest to the research study” (Sekaran, 2003: p. 97). The model (figure 1) that has been derived accordingly is further described below.

The systematic literature review reveals the following key constructs of IS.

•Information security (F1)- perceived security (F1C1) and Perceived security control (F11C1a)

•Informational privacy (F2)- perceived ability to control submitted information (F2C1), usage of information (F2C2), Notice (F2C3), Perceived privacy (F2C4), Privacy protection behavior (F2C5)

•Risk (F3)- Risk perception (F3C1), Risk propensity (F3C2)

•Trust (F4)- Trustworthiness (F4C1), Trustworthiness of the technological artefacts (F4C1a)

•Individual characteristics (F5)- Prior web experience (F5C1), User’s technical efficacy (F5C2)

•External environment (F7)- Legal environment (F7C1), Cultural environment (F7C2)

F3, F4 and F5 can be grouped as ‘individual factors’ because they have been recognised as displaying characteristics that are more determined by individual perception and attitude (Joffe (2003); Chang & Chen (2008); Liu et al. (2005); Miyazaki & Fernandez (2001); Vijayasarathy (2004)). Due to the moderator effect shown by F7C2 (cultural environment) as previously mentioned, F7C1 and F7C2 were distinctly shown, but grouped as ‘external environmental factors’. F1 and F2 appear separately as ‘other factors’ since they did not seem to belong to either of those two groups.

Originally these constructs were tested in the context of e-businesses (Barnes & Vidgen (2000); Brown & Muchira (2004); Chen & Barnes (2007); Cheung & Lee (2003); Connolly & Bannister (2006); Gefen et al (2003); Hoffman et al (1999) etc.), which makes it safe to identify them as the key factors of e-business security. Therefore, collectively they are grouped under the heading ‘e-business information security’.

As mentioned earlier, Behavioral intention (F6) is the key outcome variable identified and it consists of two 1st order variables Purchase intention (F6C1) and Intention to disclose information (F6C2).