SpringerLink
Log in

Adoption of Cybersecurity Innovations—A Systematic Literature Review

  • Conference paper
  • First Online:
Proceedings of the International Conference on Cybersecurity, Situational Awareness and Social Media (CYBER SCIENCE 2023)

Part of the book series: Springer Proceedings in Complexity ((SPCOM))

  • 135 Accesses

Abstract

The adoption of new cybersecurity capabilities in an organization can be seen as an example of the adoption of technological innovations. While regulators use rules, standards, and codes of practice to influence the state of cybersecurity in regulated organizations—other factors, such as technological complexity, organizational size, and management support have been shown to influence technological adoption. Limited empirical research exists on factors influencing cybersecurity implementation in organizations. Existing models have focused on productivity or leisure applications—adoption of security innovations is fundamentally different because their adoption is founded on the intention to prevent incidents in the future with a limited direct positive gain. A systematic literature review on existing research on adoption of security innovations is presented and suggestions for further research in more quantitative measures for the drivers of organizational cybersecurity technology adoption is suggested.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
EUR 29.95
Price includes VAT (Germany)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
EUR 160.49
Price includes VAT (Germany)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
EUR 213.99
Price includes VAT (Germany)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free ship** worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Rogers, E.M.: Diffusion of Innovations. Free Press, New York, NY (2003)

    Google Scholar 

  2. Hameed, M.A., Counsell, S., Swift, S.: A conceptual model for the process of IT innovation adoption in organizations. J. Eng. Technol. Manag. 29(3), 358–390 (2012). https://doi.org/10.1016/j.jengtecman.2012.03.007

    Article  Google Scholar 

  3. Davis, F.D., Bagozzi, R.P., Warshaw, P.R.: User acceptance of computer technology: a comparison of two theoretical models. Manag. Sci. 35(8), 982–1003 (1989)

    Article  Google Scholar 

  4. Venkatesh, V., Davis, F.D.: A theoretical extension of the technology acceptance model: four longitudinal field studies. Manag. Sci. 46(2), 186–204 (2000). https://doi.org/10.1287/mnsc.46.2.186.11926

    Article  Google Scholar 

  5. Ajzen, I., Fishbein, M.: Understanding Attitudes and Predicting Social Behavior, Pbk Prentice-Hall, Englewood Cliffs, N.J. (1980)

    Google Scholar 

  6. Ajzen, I.: The theory of planned behavior. Organ. Behav. Hum. Decis. Process.Behav. Hum. Decis. Process. 50(2), 179–211 (1991). https://doi.org/10.1016/0749-5978(91)90020-T

    Article  Google Scholar 

  7. Venkatesh, V., Bala, H.: Technology Acceptance Model 3 and a Research Agenda on Interventions (2008). https://doi.org/10.1111/j.1540-5915.2008.00192.x

  8. Venkatesh, V., Morris, M.G., Davis, G.B., Davis, F.D.: User acceptance of information technology: toward a unified view. MIS Q. 27(3), 425–478 (2003). https://doi.org/10.2307/30036540

    Article  Google Scholar 

  9. Venkatesh, V., Thong, J.Y.L., Xu, X.: Consumer acceptance and use of information technology: extending the unified theory of acceptance and use of technology. MIS Q. 36(1), 157–178 (2012). https://doi.org/10.2307/41410412

    Article  Google Scholar 

  10. Tornatzky, L.G., Fleischer, M., Chakrabarti, A.K.: The processes of technological innovation. In: Issues in Organization and Management Series. Lexington Books, Lexington, Mass (1990)

    Google Scholar 

  11. Baker, J.: The technology–organization–environment framework. In: Information Systems Theory: Explaining and Predicting Our Digital Society, vol. 1; Dwivedi, Y.K., Wade, M.R., Schneberger, S.L. (Eds.) Integrated Series in Information Systems. Springer, New York, NY, pp. 231–245 (2012). https://doi.org/10.1007/978-1-4419-6108-2_12

  12. Johnston, A.C., Warkentin, M.: Fear Appeals and information security behaviors: an empirical study. MIS Q. 34(3), 549–566 (2010)

    Article  Google Scholar 

  13. Dinev, T., Hu, Q.: The centrality of awareness in the formation of user behavioral intention toward protective information technologies. JAIS 8(7), 386–408 (2007). https://doi.org/10.17705/1jais.00133

    Article  Google Scholar 

  14. West, R.: The psychology of security. Commun. ACM 51(4), 34–40 (2008). https://doi.org/10.1145/1330311.1330320

    Article  Google Scholar 

  15. Maddux, J.E., Rogers, R.W.: Protection motivation and self-efficacy: a revised theory of fear appeals and attitude change. J. Exp. Soc. Psychol. 19(5), 469–479 (1983). https://doi.org/10.1016/0022-1031(83)90023-9

    Article  Google Scholar 

  16. Rosenstock, I.M.: Historical origins of the health belief model. Health Educ. Monogr. Monogr. 2(4), 328–335 (1974). https://doi.org/10.1177/109019817400200403

    Article  Google Scholar 

  17. Wynn, D., Williams, C., Karahanna, E., Madupalli, R.: Preventive adoption of information security behaviors. In: ICIS 2013 Proceedings (2013). https://aisel.aisnet.org/icis2013/proceedings/SecurityOfIS/5

  18. Pickering, B., Boletsis, C., Halvorsrud, R., Phillips, S., Surridge, M.: It’s Not My Problem: How Healthcare Models Relate to SME Cybersecurity Awareness. In: HCI for Cybersecurity, Privacy and Trust; Moallem, A (Ed.) Lecture Notes in Computer Science, vol. 12788. Springer International Publishing, Cham, pp. 337–352. (2021). https://doi.org/10.1007/978-3-030-77392-2_22

  19. Vedadi, A., Warkentin, M.: Can secure behaviors be contagious? a two-stage investigation of the influence of herd behavior on security decisions. J. Assoc. Inf. Syst. 21(2) (2020). https://aisel.aisnet.org/jais/vol21/iss2/3

  20. Ayyagari, R., Lim, J., Hoxha, O.: Why do not we use password managers? a study on the intention to use password managers. CMR 15(4), 227–245 (2019). https://doi.org/10.7903/cmr.19394

    Article  Google Scholar 

  21. Ho, K.K.W., Au, C.H., Chiu, D.K.W.: Home computer user security behavioral intention: a replication study from guam. AIS Trans. Replication Res. 7(1) (2021). https://aisel.aisnet.org/trr/vol7/iss1/4

  22. Sonnenschein, R., Loske, A., Buxmann, P.: Gender Differences in Mobile Users’ IT Security Appraisals and Protective Actions: Findings from a Mixed-Method Study (2016). https://aisel.aisnet.org/icis2016/ISSecurity/Presentations/12

  23. Smith, C., Agarwal, R.: Practicing safe computing: a multimedia empirical examination of home computer user security behavioral intentions. MIS Q. 34(3), 613–643 (2010)

    Article  Google Scholar 

  24. Wang, P.A.: Information security knowledge and behavior: an adapted model of technology acceptance. In: 2010 2nd International Conference on Education Technology and Computer. IEEE, Shanghai, China, pp. V2-364–V2-367 (2010). https://doi.org/10.1109/ICETC.2010.5529366

  25. Hameed, M.A., Arachchilage, N.A.G.: A model for the adoption process of information system security innovations in organisations: a theoretical perspective. In: ACIS 2016 Proceedings (2016). https://aisel.aisnet.org/acis2016/45

  26. Vafaei-Zadeh, A., Thurasamy, R., Hanifah, H.: Modeling anti-malware use intention of university students in a develo** country using the theory of planned behavior, vol. 48, no. 8, pp. 1565–1585 (2019). https://doi.org/10.1108/K-05-2018-0226

  27. Dinev, T., Hu, Q.: The centrality of awareness in the formation of user behavioral intention toward preventive technologies in the context of voluntary use. In: SIGHCI 2005 Proceedings (2005). https://aisel.aisnet.org/sighci2005/10

  28. Ng, B.Y., Rahim, M.: A socio-behavioral study of home computer users’ intention to practice security. In: PACIS 2005 Proceedings (2005). https://aisel.aisnet.org/pacis2005/20

  29. Dinev, T., Goo, J., Hu, Q., Nam, K.: User behavior toward preventive technologies—cultural differences between the United States and South Korea. In: ECIS 2006 Proceedings (2006) https://aisel.aisnet.org/ecis2006/9

  30. Liang, H., Xue, Y.: Avoidance of information technology threats: a theoretical perspective. MIS Q. 33(1), 71–90 (2009)

    Article  Google Scholar 

  31. Young, D.K., Carpenter, D., McLeod, A.: Malware avoidance motivations and behaviors: a technology threat avoidance replication. AIS Trans. Replication Res. 2(1) (2016). https://aisel.aisnet.org/trr/vol2/iss1/8

  32. McLeod, A., Dolezel, D.: Toward Security Capitulation Theory (2020). https://aisel.aisnet.org/amcis2020/info_security_privacy/info_security_privacy/2

  33. Herath, T., Chen, R., Wang, J., Banjara, K., Wilbur, J., Rao, H.R.: Security services as co** mechanisms: an investigation into user intention to adopt an email authentication service: security services as co** mechanisms. Inf. Syst. J. 24(1), 61–84 (2014). https://doi.org/10.1111/j.1365-2575.2012.00420.x

    Article  Google Scholar 

  34. Samtani, S., Zhu, H., Yu, S.: Fear appeals and information security behaviors: an empirical study on mechanical turk. AIS Trans. Replication Res. 5(1) (2019). https://aisel.aisnet.org/trr/vol5/iss1/5

  35. Groner, R., Brune, P.: Towards an empirical examination of it security infrastructures in SME. In: Secure IT Systems; Jøsang, A., Carlsson, B. (Eds.) Lecture Notes in Computer Science, vol. 7617. Springer Berlin Heidelberg, Berlin, Heidelberg, pp. 73–88 (2012). https://doi.org/10.1007/978-3-642-34210-3_6

  36. Tafokeng Talla, L., Kala Kamdjoug, J.R.: Factors influencing adoption of information security in information systems projects. In: New knowledge in information systems and technologies; Rocha, A., Adeli, H., Reis, L.P., Costanzo, S. (Eds.) Advances in Intelligent Systems and Computing, vol. 931. Springer International Publishing, Cham, pp. 890–899 (2019). https://doi.org/10.1007/978-3-030-16184-2_84

  37. Seuwou, P., Banissi, E., Ubakanma, G.: User acceptance of information technology: a critical review of technology acceptance models and the decision to invest in information security. In: Global Security, Safety and Sustainability—The Security Challenges of the Connected World; Jahankhani, H., Carlile, A., Emm, D., Hosseinian-Far, A., Brown, G., Sexton, G., Jamal, A. (Eds.) Communications in Computer and Information Science, vol. 630, pp. 230–251. Springer International Publishing, Cham (2016). https://doi.org/10.1007/978-3-319-51064-4_19

  38. Shropshire, J., Warkentin, M., Sharma, S.: Personality, attitudes, and intentions: Predicting initial adoption of information security behavior. Comput. Secur.. Secur. 49, 177–191 (2015). https://doi.org/10.1016/j.cose.2015.01.002

    Article  Google Scholar 

  39. Lui, S.M., Hui, W.: The effects of knowledge on security technology adoption: Results from a quasi-experiment. In: The 5th International Conference on New Trends in Information Science and Service Science, pp. 328–333 (2011)

    Google Scholar 

  40. Shropshire, J.D., Warkentin, M., Johnston, A.C.: Impact of negative message framing on security adoption. J. Comput. Inf. Syst.Comput. Inf. Syst. 51(1), 41–51 (2010). https://doi.org/10.1080/08874417.2010.11645448

    Article  Google Scholar 

  41. Warkentin, M., Shropshire, J., Johnston, A.: The IT security adoption conundrum: an initial step toward validation of applicable measures. In: AMCIS 2007 Proceedings (2007). https://aisel.aisnet.org/amcis2007/276

  42. Ho, G., Stephens, G., Jamieson, R.: Biometric authentication adoption issues. In: ACIS 2003 Proceedings (2003). https://aisel.aisnet.org/acis2003/11

  43. Wallace, S., Green, K.Y., Johnson, C., Cooper, J., Gilstrap, C.: An extended TOE framework for cybersecurity-adoption decisions. Commun. Assoc. Inf. Syst. 47(1) (2020). https://aisel.aisnet.org/cais/vol47/iss1/51

  44. Lidster, W.W., Rahman, S.S.M.: Identifying influences to information security framework adoption: applying a modified UTAUT. In: 2020 IEEE International Conference on Big Data (Big Data), pp. 2605–2609. IEEE, Atlanta, GA, USA (2020). https://doi.org/10.1109/BigData50022.2020.9378283.

  45. Alqahtani, M., Braun, R.: Reviewing influence of UTAUT2 factors on cyber security compliance: a literature review. JIACS 2021, 1–15 (2021). https://doi.org/10.5171/2021.666987

    Article  Google Scholar 

  46. Maclean, R., Ophoff, J.: Determining key factors that lead to the adoption of password managers. In: 2018 International Conference on Intelligent and Innovative Computing Applications (ICONIC), pp. 1–7. IEEE, Plaine Magnien (2018). https://doi.org/10.1109/ICONIC.2018.8601223.

  47. Appari, A., Johnson, M.E., Anthony, D.L.: HIPAA compliance: an institutional theory perspective. In: AMCIS 2009 Proceedings (2009). https://aisel.aisnet.org/amcis2009/252

  48. Farooq, A., Dubinina, A., Virtanen, S., Isoaho, J.: Understanding dynamics of initial trust and its antecedents in password managers adoption intention among young adults. Procedia Comput. Sci. 184, 266–274 (2021). https://doi.org/10.1016/j.procs.2021.03.036

    Article  Google Scholar 

  49. Sari, P.K., Nurshabrina, N., Candiwan (2016) Factor analysis on information security management in higher education institutions. In: 2016 4th International Conference on Cyber and IT Service Management, pp. 1–5. IEEE, Bandung, Indonesia (2016). https://doi.org/10.1109/CITSM.2016.7577518

  50. Das, S., Kramer, A.D.I., Dabbish, L.A., Hong, J.I.: The role of social influence in security feature adoption. In: Proceedings of the 18th ACM Conference on Computer Supported Cooperative Work & Social Computing, pp 1416–1426. ACM, Vancouver BC Canada. https://doi.org/10.1145/2675133.2675225

  51. Heidt, M., Gerlach, J., Buxmann, P.: A Holistic View on Organizational IT Security: The Influence of Contextual Aspects During IT Security Decisions (2019). https://aisel.aisnet.org/hicss-52/os/information_security/5

  52. Mirtsch, M., Pohlisch, J., Blind, K.: International diffusion of the information security management system standard ISO/IEC 27001: exploring the role of culture. In: ECIS 2020 Research Papers (2020). https://aisel.aisnet.org/ecis2020_rp/88

  53. Alkhalifah, A., D’Ambra, J.: Applying task-technology fit to the adoption of identity management systems. In: ACIS 2011 Proceedings (2011). https://aisel.aisnet.org/acis2011/31

  54. Egorova, K.S., Adoption of information security as decision-making under uncertainty: a behavioural economics approach. In: ECIS 2015 Research-in-Progress Papers (2015). https://aisel.aisnet.org/ecis2015_rip/21

  55. Loukis, E., Kokolakis, S., Anastasopoulou, K.: Factors of PKI adoption in European firms. In: MCIS 2011 Proceedings (2011). https://aisel.aisnet.org/mcis2011/29

  56. Dong, K., Lin, R., Yin, X., **e, Z.: How does overconfidence affect information security investment and information security performance? Enterp. Inf. Syst. 15(4), 474–491 (2021). https://doi.org/10.1080/17517575.2019.1644672

    Article  Google Scholar 

  57. Bagozzi, R. P.: The legacy of the technology acceptance model and a proposal for a paradigm shift. J. Assoc. Inf. Syst. 8(4) (2007). https://doi.org/10.17705/1jais.00122

  58. McKnight, D.H., Choudhury, V., Kacmar, C.: Develo** and validating trust measures for e-commerce: an integrative typology. Inf. Syst. Res. 13(3), 334–359 (2002). https://doi.org/10.1287/isre.13.3.334.81

    Article  Google Scholar 

  59. Goodhue, D.L., Thompson, R.L.: Task-technology fit and individual performance. MIS Q. 19(2), 213–236 (1995). https://doi.org/10.2307/249689

    Article  Google Scholar 

  60. Gallivan, M.J.: Organizational adoption and assimilation of complex technological innovations: development and application of a new framework. SIGMIS Database 32(3), 51–85 (2001). https://doi.org/10.1145/506724.506729

    Article  Google Scholar 

Download references

Acknowledgements

This work has received funding from the Research Council of Norway through the SFI Norwegian Centre for Cybersecurity in Critical Sectors (NORCICS) project no. 310105.

Author information

Authors and Affiliations

  1. NTNU, Norwegian University of Science and Technology, Trondheim, Norway

    Arnstein Vestad & Bian Yang

Authors
  1. Arnstein Vestad
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Bian Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Arnstein Vestad .

Editor information

Editors and Affiliations

  1. Research Series Limited, London, UK

    Cyril Onwubiko

  2. University of Galway, Galway, Ireland

    Pierangelo Rosati

  3. Temple University, Philadelphia, PA, USA

    Aunshul Rege

  4. University of Oxford, Oxford, UK

    Arnau Erola

  5. Lupovis, Glasgow, UK

    Xavier Bellekens

  6. Ain Shams University, Cairo, Egypt

    Hanan Hindy

  7. University of Stavanger, Stavanger, Norway

    Martin Gilje Jaatun

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Vestad, A., Yang, B. (2024). Adoption of Cybersecurity Innovations—A Systematic Literature Review. In: Onwubiko, C., et al. Proceedings of the International Conference on Cybersecurity, Situational Awareness and Social Media. CYBER SCIENCE 2023. Springer Proceedings in Complexity. Springer, Singapore. https://doi.org/10.1007/978-981-99-6974-6_16

Download citation

  • DOI: https://doi.org/10.1007/978-981-99-6974-6_16

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-6973-9

  • Online ISBN: 978-981-99-6974-6

  • eBook Packages: Physics and AstronomyPhysics and Astronomy (R0)

Publish with us

Policies and ethics

Search

Navigation