{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,23]],"date-time":"2026-04-23T10:20:28Z","timestamp":1776939628411,"version":"3.51.4"},"reference-count":27,"publisher":"Oxford University Press (OUP)","issue":"4","license":[{"start":{"date-parts":[[2017,9,28]],"date-time":"2017-09-28T00:00:00Z","timestamp":1506556800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/academic.oup.com\/journals\/pages\/about_us\/legal\/notices"}],"funder":[{"DOI":"10.13039\/501100000266","name":"EPSRC","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100000266","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018,4,1]]},"DOI":"10.1093\/comjnl\/bxx093","type":"journal-article","created":{"date-parts":[[2017,9,15]],"date-time":"2017-09-15T19:12:21Z","timestamp":1505502741000},"page":"472-495","source":"Crossref","is-referenced-by-count":31,"title":["Risk and the Small-Scale Cyber Security Decision Making Dialogue\u2014a UK Case Study"],"prefix":"10.1093","volume":"61","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9605-5510","authenticated-orcid":false,"given":"Emma","family":"Osborn","sequence":"first","affiliation":[{"name":"Department of Computer Science, University of Oxford, Oxford OX1 3QD, UK"}]},{"given":"Andrew","family":"Simpson","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of Oxford, Oxford OX1 3QD, UK"}]}],"member":"286","published-online":{"date-parts":[[2017,9,28]]},"reference":[{"key":"key\n\t\t\t\t20180329074327_bxx093C1","volume-title":"Computer Security","author":"Carroll","year":"1996","edition":"3rd edn"},{"key":"key\n\t\t\t\t20180329074327_bxx093C2","volume-title":"Security in Computing","author":"Pfleeger","year":"2007","edition":"4th edn"},{"key":"key\n\t\t\t\t20180329074327_bxx093C3","author":"Osborn","year":"2015"},{"key":"key\n\t\t\t\t20180329074327_bxx093C4","author":"Osborn","year":"2015"},{"key":"key\n\t\t\t\t20180329074327_bxx093C5","author":"McGregor","year":"2015"},{"key":"key\n\t\t\t\t20180329074327_bxx093C6","author":"Ahrend","year":"2016"},{"key":"key\n\t\t\t\t20180329074327_bxx093C7","volume-title":"Constructing Grounded Theory","author":"Charmaz","year":"2014","edition":"2nd edn"},{"key":"key\n\t\t\t\t20180329074327_bxx093C8","doi-asserted-by":"crossref","first-page":"59","DOI":"10.1177\/1525822X05279903","article-title":"How many interviews are enough? An experiment with data saturation and variability","volume":"18","author":"Guest","year":"2006","journal-title":"Field Methods"},{"key":"key\n\t\t\t\t20180329074327_bxx093C9","doi-asserted-by":"crossref","DOI":"10.4135\/9781452230153","volume-title":"Basics of Qualitative Research: Techniques and Procedures for Developing Grounded Theory","author":"Corbin","year":"2008"},{"key":"key\n\t\t\t\t20180329074327_bxx093C10","volume-title":"The Managerial Labour Market in Small and Medium-Sized Enterprises","author":"Wynarczyk","year":"1993"},{"key":"key\n\t\t\t\t20180329074327_bxx093C11","doi-asserted-by":"crossref","first-page":"975","DOI":"10.1016\/j.im.2006.09.003","article-title":"Organizational size and it innovation adoption: a meta-analysis","volume":"43","author":"Lee","year":"2006","journal-title":"Inf. Manage."},{"key":"key\n\t\t\t\t20180329074327_bxx093C12","doi-asserted-by":"crossref","first-page":"201","DOI":"10.2307\/2093199","article-title":"A formal theory of differentiation in organizations","volume":"35","author":"Blau","year":"1970","journal-title":"Am. Sociol. Rev."},{"key":"key\n\t\t\t\t20180329074327_bxx093C13","volume-title":"Audit Insights: Cyber Security 2015","author":"ICAEW","year":"2015"},{"key":"key\n\t\t\t\t20180329074327_bxx093C14","doi-asserted-by":"crossref","first-page":"10","DOI":"10.1016\/S1361-3723(16)30062-8","article-title":"How smaller businesses struggle with security advice","volume":"2016","author":"Renaud","year":"2016","journal-title":"Comput. Fraud Secur."},{"key":"key\n\t\t\t\t20180329074327_bxx093C15","doi-asserted-by":"crossref","first-page":"649","DOI":"10.1086\/491605","article-title":"Entrepreneurship","volume":"23","author":"Lazear","year":"2005","journal-title":"J. Labor. Econ."},{"key":"key\n\t\t\t\t20180329074327_bxx093C16","doi-asserted-by":"crossref","first-page":"816","DOI":"10.1016\/j.cose.2009.05.008","article-title":"Self-efficacy in information security: its influence on end users\u2019 information security practice behavior","volume":"28","author":"Rhee","year":"2009","journal-title":"Comput. Secur."},{"key":"key\n\t\t\t\t20180329074327_bxx093C17","doi-asserted-by":"crossref","first-page":"221","DOI":"10.1111\/j.1468-5973.2009.00592.x","article-title":"Emerging threats to internet security: incentives, externalities and policy implications","volume":"17","author":"Van Eeten","year":"2009","journal-title":"J. Contingencies Crisis Manage."},{"key":"key\n\t\t\t\t20180329074327_bxx093C18","doi-asserted-by":"crossref","first-page":"281","DOI":"10.1016\/j.cose.2014.11.002","article-title":"Comparing intention to avoid malware across contexts in a BYOD-enabled Australian university: a protection motivation theory approach","volume":"48","author":"Dang-Pham","year":"2014","journal-title":"Comput. Secur."},{"key":"key\n\t\t\t\t20180329074327_bxx093C19","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.jnca.2010.07.006","article-title":"A survey on security issues in service delivery models of cloud computing","volume":"34","author":"Subashini","year":"2011","journal-title":"J. Netw. Comput. Appl."},{"key":"key\n\t\t\t\t20180329074327_bxx093C20","author":"Caralli","year":"2007"},{"key":"key\n\t\t\t\t20180329074327_bxx093C21","volume-title":"Managing Information Security Risks: The OCTAVE Approach","author":"Alberts","year":"2003"},{"key":"key\n\t\t\t\t20180329074327_bxx093C22","doi-asserted-by":"crossref","DOI":"10.1201\/b18257","volume-title":"The Official ISC2 Guide to the CISSP CBK","author":"Gordon","year":"2015"},{"key":"key\n\t\t\t\t20180329074327_bxx093C23","volume-title":"IT-driven Business Models: Global Case Studies in Transformation","author":"Kagermann","year":"2010"},{"key":"key\n\t\t\t\t20180329074327_bxx093C24","doi-asserted-by":"crossref","first-page":"105","DOI":"10.1111\/1467-8721.01242","article-title":"Crafting normative messages to protect the environment","volume":"12","author":"Cialdini","year":"2003","journal-title":"Curr. Dir. Psychol. Sci."},{"key":"key\n\t\t\t\t20180329074327_bxx093C25","author":"Li","year":"2011"},{"key":"key\n\t\t\t\t20180329074327_bxx093C26","doi-asserted-by":"crossref","first-page":"79","DOI":"10.1109\/MSP.2016.22","article-title":"Security for the high-risk user: separate and unequal","volume":"14","author":"Scott-Railton","year":"2016","journal-title":"IEEE Secur. Priv."},{"key":"key\n\t\t\t\t20180329074327_bxx093C27","doi-asserted-by":"crossref","first-page":"52","DOI":"10.1080\/17440572.2012.759508","article-title":"How organised is organised cybercrime?","volume":"14","author":"Lusthaus","year":"2013","journal-title":"Global Crime"}],"container-title":["The Computer Journal"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/academic.oup.com\/comjnl\/article-pdf\/61\/4\/472\/24509646\/bxx093.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,10,17]],"date-time":"2020-10-17T19:26:21Z","timestamp":1602962781000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/comjnl\/article\/61\/4\/472\/4259798"}},"subtitle":[],"editor":[{"given":"George","family":"Loukas","sequence":"additional","affiliation":[]}],"short-title":[],"issued":{"date-parts":[[2017,9,28]]},"references-count":27,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2017,9,28]]},"published-print":{"date-parts":[[2018,4,1]]}},"URL":"https:\/\/doi.org\/10.1093\/comjnl\/bxx093","relation":{},"ISSN":["0010-4620","1460-2067"],"issn-type":[{"value":"0010-4620","type":"print"},{"value":"1460-2067","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2018,4]]},"published":{"date-parts":[[2017,9,28]]}}}