Theorising on risk homeostasis in the context of information security behaviour
Abstract
Purpose – The purpose of this paper is to discuss and theorise on the appropriateness and potential
impact of risk homeostasis in the context of information security.
Design/methodology/approach – The discussion is mainly based on a literature survey backed up
by illustrative empirical examples.
Findings – Risk homeostasis in the context of information security is an under-explored topic. The
principles, assumptions and methodology of a risk homeostasis framework offer new insights and
knowledge to explain and predict contradictory human behaviour in information security.
Practical implications – The paper shows that explanations for contradictory human behaviour
(e.g. the privacy paradox) would gain from considering risk homeostasis as an information security risk
management model. The ideas discussed open up the prospect to theorise on risk homeostasis as a
framework in information security and should form a basis for further research and practical
implementations. On a more practical level, it offers decision makers useful information and new
insights that could be advantageous in a strategic security planning process.
Originality/value – This is the first systematic, comprehensive review of risk homeostasis in the
context of information security behaviour, and readers of the paper will find new theories, guidelines and
insights on risk homeostasis.
URI
http://hdl.handle.net/10394/19857
http://www.emeraldinsight.com/doi/full/10.1108/ICS-04-2016-0029
https://doi.org/10.1108/ICS-04-2016-0029