{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,2]],"date-time":"2026-05-02T16:16:05Z","timestamp":1777738565422,"version":"3.51.4"},"reference-count":57,"publisher":"Emerald","issue":"2","license":[{"start":{"date-parts":[[2021,3,29]],"date-time":"2021-03-29T00:00:00Z","timestamp":1616976000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2021,8,3]]},"abstract":"<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title>\n<jats:p>Information security has increasingly been in the headlines as data breaches continue to occur at alarming rates. This paper aims to propose an Information Security Preparedness Model that was developed to examine how SME executives\u2019 perceptions of security importance, implementation challenges and external influences impact their awareness and commitment to security preparedness.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title>\n<jats:p>Funded by the Department of Justice, a national survey of SME executives\u2019 perceptions of information security preparedness was conducted. Using PLS-SEM, the survey responses were used to test the proposed Information Security Preparedness Model.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Findings<\/jats:title>\n<jats:p>The results indicate that as perceptions of security importance and external influences increase, SME executives\u2019 awareness and commitment to information security also increases. In addition, as implementation challenges increase, awareness and commitment to information security decreases. Finally, as security importance and awareness and commitment to information security increases, executives\u2019 perception of security preparedness also increases.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Research limitations\/implications<\/jats:title>\n<jats:p>Executive perceptions of information security were measured and not the actual level of security. Further research that examines the agreement between executive perceptions and the true state of information security within the organization is warranted.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title>\n<jats:p>Prior information security studies using Roger\u2019s (1975, 1983) Protection Motivation Theory have produced mixed results. This paper develops and tests the Information Security Preparedness Model to more fully explain SME executive\u2019s perceptions of information security.<\/jats:p>\n<\/jats:sec>","DOI":"10.1108\/ics-01-2020-0014","type":"journal-article","created":{"date-parts":[[2021,3,27]],"date-time":"2021-03-27T08:03:56Z","timestamp":1616832236000},"page":"263-282","source":"Crossref","is-referenced-by-count":14,"title":["\u201cSME executives\u2019 perceptions and the information security preparedness model\u201d"],"prefix":"10.1108","volume":"29","author":[{"given":"Kenneth Albert","family":"Saban","sequence":"first","affiliation":[]},{"given":"Stephen","family":"Rau","sequence":"additional","affiliation":[]},{"given":"Charles A.","family":"Wood","sequence":"additional","affiliation":[]}],"member":"140","published-online":{"date-parts":[[2021,3,29]]},"reference":[{"key":"key2021080202131917300_ref001","article-title":"Cybersecurity for small business: exposing the top 8 myths","year":"2017"},{"key":"key2021080202131917300_ref002","article-title":"Four common misconceptions in exploratory factor analysis","volume-title":"Statistical and Methodological Myths and Urban Legends: Doctrine, Verity and Fable in the Organizational and Social Sciences","year":"2008"},{"issue":"2","key":"key2021080202131917300_ref003","doi-asserted-by":"crossref","first-page":"115","DOI":"10.3917\/sim.122.0115","article-title":"Implication et action des dirigeants: Quelles pistes pour am\u00e9liorer la s\u00e9curit\u00e9 de l'information en PME?","volume":"17","year":"2012","journal-title":"Syst\u00e8mes D'information and Management"},{"key":"key2021080202131917300_ref004","first-page":"7","article-title":"CEO\u2019s information security behavior in SMEs: does ownership matter","volume":"22","year":"2017","journal-title":"Systems Information ET Management"},{"issue":"4","key":"key2021080202131917300_ref005","first-page":"44","article-title":"A short-from measure of user information satisfaction: a psychometric evaluation and notes on use","volume":"4","year":"1989","journal-title":"Journal of Management Information Systems"},{"key":"key2021080202131917300_ref006","doi-asserted-by":"crossref","first-page":"9","DOI":"10.1016\/j.cose.2016.02.007","article-title":"Information system security commitment: a study of external influences on senior management","volume":"59","year":"2016","journal-title":"Computers and Security"},{"key":"key2021080202131917300_ref007","volume-title":"Target CEO Fired-Can You Be Fired If Your Company is Hacked","year":"2014"},{"key":"key2021080202131917300_ref008","article-title":"3 Small business cybersecurity myths busted","year":"2018"},{"issue":"4","key":"key2021080202131917300_ref009","doi-asserted-by":"crossref","first-page":"837","DOI":"10.25300\/MISQ\/2015\/39.4.5","article-title":"What do systems users have to fear? Using fear appeals to engender threats and fear that motivate protective security behaviors","volume":"39","year":"2015","journal-title":"MIS Quarterly"},{"issue":"2","key":"key2021080202131917300_ref010","doi-asserted-by":"crossref","first-page":"237","DOI":"10.2307\/249690","article-title":"On the use, usefulness, and ease of use of structural equation modeling in MIS research: a note of caution","volume":"19","year":"1995","journal-title":"MIS Quarterly"},{"key":"key2021080202131917300_ref011","article-title":"Cybersecurity management program","author":"CISCO","year":"2017"},{"key":"key2021080202131917300_ref012","volume-title":"Statistical Power Analysis for the Behavioral Sciences","year":"1969"},{"key":"key2021080202131917300_ref013","volume-title":"Statistical Power Analysis for the Behavioral Sciences","year":"1988","edition":"2nd ed."},{"issue":"1","key":"key2021080202131917300_ref014","doi-asserted-by":"crossref","first-page":"209","DOI":"10.2308\/isys-50704","article-title":"Understanding compliance with bring your own device policies utilizing protection motivation theory: bridging the intention-behavior gap","volume":"28","year":"2014","journal-title":"Journal of Information Systems"},{"key":"key2021080202131917300_ref015","article-title":"Survey small business security","author":"CSID","year":"2016"},{"issue":"2","key":"key2021080202131917300_ref016","doi-asserted-by":"crossref","first-page":"139","DOI":"10.1108\/ICS-12-2015-0048","article-title":"Comparing the information security culture of employees who had read the information security policy and those who had not","volume":"24","year":"2016","journal-title":"Information and Computer Security"},{"issue":"1","key":"key2021080202131917300_ref017","doi-asserted-by":"crossref","first-page":"79","DOI":"10.1287\/isre.1070.0160","article-title":"User awareness of security countermeasures and its impact on information systems misuse: a deterrence approach","volume":"20","year":"2009","journal-title":"Information Systems Research"},{"key":"key2021080202131917300_ref018","first-page":"23","article-title":"Latent variables and indices: Herman Wold\u2019s basic design and partial least squares","volume-title":"In Handbook of Partial Least Squares","year":"2010"},{"key":"key2021080202131917300_ref019","article-title":"Three pillars of cyber security","year":"2018"},{"issue":"1","key":"key2021080202131917300_ref020","doi-asserted-by":"crossref","first-page":"39","DOI":"10.1177\/002224378101800104","article-title":"Structural equation models with unobservable variables and measurement errors","volume":"18","year":"1981","journal-title":"Journal of Marketing Research"},{"issue":"3","key":"key2021080202131917300_ref021","doi-asserted-by":"crossref","first-page":"307","DOI":"10.1109\/TEM.2003.817277","article-title":"Inexperience and experience with online stores: the importance of TAM and trust","volume":"50","year":"2003","journal-title":"IEEE Transactions on Engineering Management"},{"key":"key2021080202131917300_ref022","doi-asserted-by":"crossref","first-page":"iii","DOI":"10.2307\/23044042","article-title":"An update and extension to SEM guidelines for administrative and social science research","volume":"35","year":"2011","journal-title":"MIS Quarterly"},{"key":"key2021080202131917300_ref023","volume-title":"SPSS for Windows Step by Step: A Simple Guide and Reference","year":"2003","edition":"4th ed."},{"issue":"1","key":"key2021080202131917300_ref024","doi-asserted-by":"crossref","first-page":"13","DOI":"10.1016\/0378-7206(91)90024-V","article-title":"Security concerns of system users: a study of perceptions of the adequacy of security measures","volume":"20","year":"1991","journal-title":"Information and Management"},{"key":"key2021080202131917300_ref025","article-title":"10 Cybersecurity myths revealed! is your small business at risk?","year":"2018"},{"key":"key2021080202131917300_ref026","volume-title":"A Primer on Partial Least Squares Structural Equation Modeling (PLS-SEM)","year":"2014"},{"issue":"1","key":"key2021080202131917300_ref027","doi-asserted-by":"crossref","first-page":"115","DOI":"10.1007\/s11747-014-0403-8","article-title":"A new criterion for assessing discriminant validity in variance-based structural equation modeling","volume":"43","year":"2015","journal-title":"Journal of the Academy of Marketing Science"},{"issue":"1","key":"key2021080202131917300_ref028","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1080\/10705519909540118","article-title":"Cutoff criteria for fit indexes in covariance structure analysis: conventional criteria versus new alternatives","volume":"6","year":"1999","journal-title":"Structural Equation Modeling: A Multidisciplinary Journal"},{"issue":"4","key":"key2021080202131917300_ref029","doi-asserted-by":"crossref","first-page":"615","DOI":"10.1111\/j.1540-5915.2012.00361.x","article-title":"Managing employee compliance with information security policies: the critical role of top management and organizational culture","volume":"43","year":"2012","journal-title":"Decision Sciences"},{"key":"key2021080202131917300_ref030","article-title":"Preparing small business for cybersecurity success","author":"Information Technology and Innovation Foundation (ITIF)","year":"2018"},{"key":"key2021080202131917300_ref031","doi-asserted-by":"crossref","first-page":"549","DOI":"10.2307\/25750691","article-title":"Fear appeals and information security behaviors: an empirical study","volume":"34","year":"2010","journal-title":"MIS Quarterly"},{"issue":"1","key":"key2021080202131917300_ref032","doi-asserted-by":"crossref","first-page":"113","DOI":"10.25300\/MISQ\/2015\/39.1.06","article-title":"An enhanced fear appeal rhetorical framework: leveraging threats to the human asset through sanctioning rhetoric","volume":"39","year":"2015","journal-title":"MIS Quarterly"},{"key":"key2021080202131917300_ref033","volume-title":"Systems under Indirect Observation: Causality, Structure, Prediction","year":"1982"},{"issue":"2","key":"key2021080202131917300_ref034","doi-asserted-by":"crossref","first-page":"139","DOI":"10.1016\/S0268-4012(02)00105-6","article-title":"An integrative study of information systems security effectiveness","volume":"23","year":"2003","journal-title":"International Journal of Information Management"},{"key":"key2021080202131917300_ref035","doi-asserted-by":"crossref","first-page":"607","DOI":"10.2307\/25148702","article-title":"Zones of tolerance: alternative scales for measuring information systems service quality","volume":"29","year":"2005","journal-title":"MIS Quarterly"},{"issue":"2","key":"key2021080202131917300_ref036","doi-asserted-by":"crossref","first-page":"177","DOI":"10.1057\/ejis.2009.11","article-title":"Threat or coping appraisal: determinants of SMB executives\u2019 decision to adopt anti-malware software","volume":"18","year":"2009","journal-title":"European Journal of Information Systems"},{"issue":"7","key":"key2021080202131917300_ref037","doi-asserted-by":"crossref","first-page":"394","DOI":"10.17705\/1jais.00232","article-title":"Understanding security behaviors in personal computer usage: a threat avoidance perspective","volume":"11","year":"2010","journal-title":"Journal of the Association for Information Systems"},{"key":"key2021080202131917300_ref038","article-title":"Awareness of cyber-security for small business","author":"McCann Investigations LLC","year":"2015"},{"key":"key2021080202131917300_ref039","article-title":"OPM director Katherine Archuleta resigns after massive personnel data breach","year":"2015","journal-title":"Wall Street Journal"},{"issue":"2","key":"key2021080202131917300_ref040","doi-asserted-by":"crossref","first-page":"317","DOI":"10.25300\/MISQ\/2015\/39.2.03","article-title":"Disaster experience and hospital information systems: an examination of perceived information assurance, risk, resilience, and HIS usefulness","volume":"39","year":"2015","journal-title":"MIS Quarterly"},{"key":"key2021080202131917300_ref041","article-title":"2018 State of cybersecurity in small and medium size businesses","author":"Ponemon Institute","year":"2018"},{"key":"key2021080202131917300_ref042","article-title":"The cyber resilient organization","author":"Ponemon Institute","year":"2019"},{"key":"key2021080202131917300_ref043","article-title":"Adjusting the lens on economic crime: preparation brings opportunity back into focus","author":"PricewaterhouseCoopers","year":"2016"},{"key":"key2021080202131917300_ref044","article-title":"Strengthening digital society against cyber shocks","author":"PricewaterhouseCoopers","year":"2018"},{"issue":"1","key":"key2021080202131917300_ref045","doi-asserted-by":"crossref","first-page":"93","DOI":"10.1080\/00223980.1975.9915803","article-title":"A protection motivation theory of fear appeals and attitude change","volume":"91","year":"1975","journal-title":"The Journal of Psychology"},{"key":"key2021080202131917300_ref046","first-page":"153","article-title":"Cognitive and psychological processes in fear-based attitude change: a revised theory of protection motivation","volume-title":"Social Psychophysiology: A Sourcebook","year":"1983"},{"key":"key2021080202131917300_ref047","volume-title":"Secrets and Lies: Digital Security in a Networked World","year":"2011"},{"key":"key2021080202131917300_ref048","volume-title":"Applied Multivariate Statistics for the Social Sciences","year":"1992","edition":"2nd ed."},{"key":"key2021080202131917300_ref049","article-title":"5 Myths small business owners believe about cyber security","author":"Stimulustech.com","year":"2018"},{"issue":"1","key":"key2021080202131917300_ref050","doi-asserted-by":"crossref","first-page":"45","DOI":"10.2307\/249307","article-title":"Discovering and disciplining computer abuse in organizations: a field study","volume":"14","year":"1990","journal-title":"MIS Quarterly"},{"issue":"4","key":"key2021080202131917300_ref051","doi-asserted-by":"crossref","first-page":"441","DOI":"10.2307\/249551","article-title":"Coping with systems risk: security planning models for management decision making","volume":"22","year":"1998","journal-title":"MIS Quarterly"},{"key":"key2021080202131917300_ref052","article-title":"Bill H.R.2015","author":"U.S. Congress","year":"2017"},{"key":"key2021080202131917300_ref053","article-title":"Chinese hackers breach US Navy contractors","author":"Wall Street Journal","year":"2018"},{"key":"key2021080202131917300_ref054","article-title":"Equifax CEO Richard Smith who oversaw breach to collect $90 million","year":"2017"},{"key":"key2021080202131917300_ref055","doi-asserted-by":"crossref","first-page":"47","DOI":"10.1016\/B978-0-12-416550-2.50007-8","article-title":"Model construction and evaluation when theoretical knowledge is scarce","volume-title":"Evaluation of Econometric Models","year":"1980"},{"key":"key2021080202131917300_ref056","article-title":"The need for greater focus on the cybersecurity challenges facing small and midsize businesses","year":"2015"},{"issue":"2","key":"key2021080202131917300_ref057","doi-asserted-by":"crossref","first-page":"245","DOI":"10.1207\/s15327906mbr0102_10","article-title":"The screen test for the number of factors","volume":"1","year":"1966","journal-title":"Multivariate Behavioral Research"}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-01-2020-0014\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-01-2020-0014\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:22:38Z","timestamp":1753406558000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/29\/2\/263-282\/117699"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,3,29]]},"references-count":57,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2021,3,29]]},"published-print":{"date-parts":[[2021,8,3]]}},"alternative-id":["10.1108\/ICS-01-2020-0014"],"URL":"https:\/\/doi.org\/10.1108\/ics-01-2020-0014","relation":{},"ISSN":["2056-4961","2056-4961"],"issn-type":[{"value":"2056-4961","type":"print"},{"value":"2056-4961","type":"print"}],"subject":[],"published":{"date-parts":[[2021,3,29]]}}}