{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,5]],"date-time":"2026-06-05T15:05:31Z","timestamp":1780671931503,"version":"3.54.1"},"reference-count":85,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2020,5,13]],"date-time":"2020-05-13T00:00:00Z","timestamp":1589328000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["SIGMIS Database"],"published-print":{"date-parts":[[2020,5,13]]},"abstract":"<jats:p>Information systems literature has cast organizational information security practices as a form of innovation. Using the notions of innovation adoption and diffusion of innovations, this paper develops an integrative model grounded in two theoretical perspectives- diffusion of innovation theory and the technologyorganization- environment framework-to examine the adoption of information security solutions (ISS) in organizations. We specify four innovation characteristics that are specific to ISS (compatibility, complexity, costs, and perceived gain), two organizational factors (organizational readiness and top management support), and two environmental factors (external pressure and visibility) as influential toward ISS adoption. We tested our model using data collected through a survey of 368 information systems managers in North American organizations. Our findings are insightful and have important theoretical and practical implications. Overall, the results suggest that organizational and environmental factors contribute to the extent of ISS adoption above and beyond characteristics of ISS themselves. The results are consistent across two measures of ISS adoption- perceived and (self-reported) actual-thereby supporting the robustness of our findings.<\/jats:p>","DOI":"10.1145\/3400043.3400046","type":"journal-article","created":{"date-parts":[[2020,5,22]],"date-time":"2020-05-22T23:46:45Z","timestamp":1590191205000},"page":"12-35","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":33,"title":["Organizational Adoption of Information Security Solutions"],"prefix":"10.1145","volume":"51","author":[{"given":"Tejaswini C.","family":"Herath","sequence":"first","affiliation":[{"name":"Brock University, Catharines, ON, Canada"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Hemantha S. B.","family":"Herath","sequence":"additional","affiliation":[{"name":"Brock University, Catharines, ON, Canada"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"John","family":"D'Arcy","sequence":"additional","affiliation":[{"name":"University of Delaware, Newark, DE, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2020,5,18]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.25300\/MISQ\/2017\/41.3.10"},{"key":"e_1_2_1_2_1","unstructured":"Baskerville R. (2009). Information security control decision theory: Management reasoning in threes. Paper presented at the IFIP TC 8 International Workshop on Information Systems Security Research Cape Town South Africa  Baskerville R. (2009). Information security control decision theory: Management reasoning in threes. Paper presented at the IFIP TC 8 International Workshop on Information Systems Security Research Cape Town South Africa"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0378-7206(00)00064-1"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1287\/isre.10.1.70"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.2307\/3250983"},{"key":"e_1_2_1_6_1","unstructured":"Brook C. (2018). What is cyber hygiene? A definition of cyber hygiene benefits best practices and more. Retrieved from https:\/\/digitalguardian.com\/blog\/what-cyberhygiene- definition-cyber-hygiene-benefits-bestpractices- and-more  Brook C. (2018). What is cyber hygiene? A definition of cyber hygiene benefits best practices and more. Retrieved from https:\/\/digitalguardian.com\/blog\/what-cyberhygiene- definition-cyber-hygiene-benefits-bestpractices- and-more"},{"key":"e_1_2_1_7_1","first-page":"24","article-title":"IT doesn't matter","volume":"38","author":"Carr N. G.","year":"2003","journal-title":"Educause Review"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1287\/deca.1040.0022"},{"key":"e_1_2_1_9_1","unstructured":"CERT\/CC. (2004). 2004 E-crime watch survey summary of findings. Retrieved from https:\/\/resources.sei.cmu.edu\/asset_files\/WhiteP aper\/2004_019_001_53391.pdf  CERT\/CC. (2004). 2004 E-crime watch survey summary of findings. Retrieved from https:\/\/resources.sei.cmu.edu\/asset_files\/WhiteP aper\/2004_019_001_53391.pdf"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1108\/02635570610653498"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.2307\/249740"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.5555\/767806.769281"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1287\/mnsc.36.2.123"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1057\/s41303-017-0059-9"},{"key":"e_1_2_1_15_1","unstructured":"CyberEdge Group. (2017). 2017 cyberthreat defense report. Retrieved from https:\/\/i.crn.com\/sites\/default\/files\/ckfinderimages \/userfiles\/images\/crn\/custom\/Webroot_Q3_2017_ CyberEdge_Cyberthreat_Defense_Report.pdf  CyberEdge Group. (2017). 2017 cyberthreat defense report. Retrieved from https:\/\/i.crn.com\/sites\/default\/files\/ckfinderimages \/userfiles\/images\/crn\/custom\/Webroot_Q3_2017_ CyberEdge_Cyberthreat_Defense_Report.pdf"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.2307\/256406"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1287\/mnsc.35.8.982"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11747-011-0300-3"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1287\/isre.10.3.255"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1177\/002224378101800104"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1287\/isre.1050.0053"},{"key":"e_1_2_1_22_1","unstructured":"Gartner. (2018). Gartner forecasts worldwide information security spending to exceed $124 billion in 2019. Retrieved from https:\/\/www.gartner.com\/en\/newsroom\/pressreleases\/ 2018-08--15-gartner-forecastsworldwide- information-security-spending-toexceed- 124-billion-in-2019  Gartner. (2018). Gartner forecasts worldwide information security spending to exceed $124 billion in 2019. Retrieved from https:\/\/www.gartner.com\/en\/newsroom\/pressreleases\/ 2018-08--15-gartner-forecastsworldwide- information-security-spending-toexceed- 124-billion-in-2019"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1177\/002224298905300104"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.17705\/1CAIS.01605"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.17705\/1CAIS.00407"},{"key":"e_1_2_1_26_1","doi-asserted-by":"crossref","unstructured":"Gerber M. & von Solms R. (2008). Information security requirements -- Interpreting the legal aspects. Computers and Security 27(5--6) 124- 135.  Gerber M. & von Solms R. (2008). Information security requirements -- Interpreting the legal aspects. Computers and Security 27(5--6) 124- 135.","DOI":"10.1016\/j.cose.2008.07.009"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1016\/0378-7206(91)90024-V"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/581271.581274"},{"issue":"2","key":"e_1_2_1_29_1","first-page":"1","article-title":"Information security expenditures and real options: A wait-and-see approach","volume":"19","author":"Gordon L. A.","year":"2003","journal-title":"Computer Security Journal"},{"key":"e_1_2_1_30_1","unstructured":"Gordon L. A. Loeb M. P. Lucyshyn W. & Richardson R. (2006). 2006 CSI\/FBI computer crime and security survey. Retrieved from http:\/\/i.cmpnet.com\/gocsi\/db_area\/pdfs\/fbi\/FBI20 06.pdf  Gordon L. A. Loeb M. P. Lucyshyn W. & Richardson R. (2006). 2006 CSI\/FBI computer crime and security survey. Retrieved from http:\/\/i.cmpnet.com\/gocsi\/db_area\/pdfs\/fbi\/FBI20 06.pdf"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.im.2003.12.010"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1080\/07421222.1993.11517994"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11747-014-0403-8"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.2753\/MIS0742-1222250310"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1111\/j.1365-2575.2012.00420.x"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1080\/10580530903455247"},{"key":"e_1_2_1_37_1","doi-asserted-by":"crossref","unstructured":"Hsu C. Lee J.-N. & Straub D. W. (2012). Institutional influences on information systems security innovations. Information Systems Research 23(3-part-2) 918--939.  Hsu C. Lee J.-N. & Straub D. W. (2012). Institutional influences on information systems security innovations. Information Systems Research 23(3-part-2) 918--939.","DOI":"10.1287\/isre.1110.0393"},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.2307\/249629"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.im.2014.10.002"},{"key":"e_1_2_1_40_1","unstructured":"ISACA. (2016). State of cybersecurity: Implications for 2016. Retrieved from https:\/\/www.isaca.org\/cyber\/Documents\/state-ofcybersecurity_ res_eng_0316.pdf  ISACA. (2016). State of cybersecurity: Implications for 2016. Retrieved from https:\/\/www.isaca.org\/cyber\/Documents\/state-ofcybersecurity_ res_eng_0316.pdf"},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1177\/095148489300600202"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0268-4012(02)00105-6"},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.2308\/isys-10091"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1080\/10580530701221098"},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.im.2006.05.003"},{"key":"e_1_2_1_46_1","unstructured":"Knapp K. J. Marshall T. E. Rainer R.K. & Ford F. N. (2005). Managerial dimensions in information security: A theoretical model of organizational effectiveness. (ISC)2 Inc. Palm Harbor Florida and Auburn University Auburn Alabama.  Knapp K. J. Marshall T. E. Rainer R.K. & Ford F. N. (2005). Managerial dimensions in information security: A theoretical model of organizational effectiveness. (ISC)2 Inc. Palm Harbor Florida and Auburn University Auburn Alabama."},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1108\/09685220610648355"},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.17705\/1jais.00302"},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.im.2003.08.001"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.5555\/2017410.2017417"},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.2307\/25148781"},{"issue":"98","key":"e_1_2_1_52_1","first-page":"18","article-title":"New cyber hygiene campaign seeks to curtail attacks","volume":"726","author":"Magnuson S.","year":"2014","journal-title":"National Defense"},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.2307\/249630"},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1287\/isre.2.3.192"},{"key":"e_1_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.2307\/25148783"},{"key":"e_1_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.5555\/2017356.2017358"},{"key":"e_1_2_1_57_1","doi-asserted-by":"crossref","unstructured":"Plouffe C. Hulland J. & Vandenbosch M. (2001). Richness versus parsimony in modeling technology adoption decisions - understanding merchant adoption of a smart card-based payment system Information Systems Research 12(2) 208--222.  Plouffe C. Hulland J. & Vandenbosch M. (2001). Richness versus parsimony in modeling technology adoption decisions - understanding merchant adoption of a smart card-based payment system Information Systems Research 12(2) 208--222.","DOI":"10.1287\/isre.12.2.208.9697"},{"key":"e_1_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1037\/0021-9010.88.5.879"},{"issue":"2","key":"e_1_2_1_59_1","first-page":"137","article-title":"How competitive forces shape strategy","volume":"57","author":"Porter M. E.","year":"1979","journal-title":"Harvard Business Review"},{"issue":"4","key":"e_1_2_1_60_1","first-page":"149","article-title":"How information gives you competitive advantage","volume":"63","author":"Porter M. E.","year":"1985","journal-title":"Harvard Business Review"},{"key":"e_1_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1287\/orsc.12.2.117.10115"},{"key":"e_1_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1287\/isre.1080.0174"},{"key":"e_1_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0378-7206(02)00010-1"},{"key":"e_1_2_1_64_1","doi-asserted-by":"crossref","unstructured":"Ringle C. M. Sarstedt M. & Straub D. (2012). A critical look at the use of PLS-SEM in MIS Quarterly. MIS Quarterly 36(1) iii-xiv.  Ringle C. M. Sarstedt M. & Straub D. (2012). A critical look at the use of PLS-SEM in MIS Quarterly. MIS Quarterly 36(1) iii-xiv.","DOI":"10.2307\/41410402"},{"key":"e_1_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1080\/00223980.1975.9915803"},{"key":"e_1_2_1_66_1","unstructured":"Rogers E. M. (1995). Diffusion of innovations (4th edition). New York NY: Fress Press.  Rogers E. M. (1995). Diffusion of innovations (4th edition). New York NY: Fress Press."},{"key":"e_1_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.2307\/2391536"},{"key":"e_1_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.5555\/2017204.2017207"},{"key":"e_1_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1108\/09685220010371394"},{"key":"e_1_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1108\/IMCS-08-2012-0045"},{"key":"e_1_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2004.07.001"},{"key":"e_1_2_1_72_1","unstructured":"Straub D. W. Goodman S. & Baskerville R. L. (2008). Framing the information security process in modern society. In D.W. Straub S. Goodman R.L. Baskerville (Eds.) Information security: Policy processes and practices (pp. 5--12). Armonk NY: M. E. Sharpe.  Straub D. W. Goodman S. & Baskerville R. L. (2008). Framing the information security process in modern society. In D.W. Straub S. Goodman R.L. Baskerville (Eds.) Information security: Policy processes and practices (pp. 5--12). Armonk NY: M. E. Sharpe."},{"key":"e_1_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.2307\/249551"},{"key":"e_1_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1287\/isre.1.3.255"},{"key":"e_1_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.1287\/mnsc.40.9.1069"},{"key":"e_1_2_1_76_1","doi-asserted-by":"publisher","DOI":"10.5555\/2017181.2017184"},{"key":"e_1_2_1_77_1","unstructured":"Tornatzky L. G. Fleischer M. & Chakrabarti A. K. (1990). Processes of technological innovation. Lanham MD: Lexington Books.  Tornatzky L. G. Fleischer M. & Chakrabarti A. K. (1990). Processes of technological innovation. Lanham MD: Lexington Books."},{"key":"e_1_2_1_78_1","doi-asserted-by":"publisher","DOI":"10.1109\/TEM.1982.6447463"},{"key":"e_1_2_1_79_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2004.01.013"},{"key":"e_1_2_1_80_1","doi-asserted-by":"publisher","DOI":"10.1287\/isre.1070.0143"},{"key":"e_1_2_1_81_1","unstructured":"Whitman M. & Mattord H. (2013). Management of information security. Boston MA: Cengage Learning.  Whitman M. & Mattord H. (2013). Management of information security. Boston MA: Cengage Learning."},{"key":"e_1_2_1_82_1","unstructured":"Wilson T. (2011). Security still an afterthought study says. Retrieved from https:\/\/www.darkreading.com\/risk\/security-still-anafterthought- study-says\/d\/d-id\/1136613  Wilson T. (2011). Security still an afterthought study says. Retrieved from https:\/\/www.darkreading.com\/risk\/security-still-anafterthought- study-says\/d\/d-id\/1136613"},{"key":"e_1_2_1_83_1","doi-asserted-by":"publisher","DOI":"10.1057\/palgrave.ejis.3000650"},{"key":"e_1_2_1_84_1","doi-asserted-by":"publisher","DOI":"10.1057\/palgrave.ejis.3000475"},{"key":"e_1_2_1_85_1","doi-asserted-by":"publisher","DOI":"10.1287\/mnsc.1050.0487"}],"container-title":["ACM SIGMIS Database: the DATABASE for Advances in Information Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3400043.3400046","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3400043.3400046","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T21:31:50Z","timestamp":1750195910000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3400043.3400046"}},"subtitle":["An Integrative Lens Based on Innovation Adoption and the Technology- Organization- Environment Framework"],"short-title":[],"issued":{"date-parts":[[2020,5,13]]},"references-count":85,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2020,5,13]]}},"alternative-id":["10.1145\/3400043.3400046"],"URL":"https:\/\/doi.org\/10.1145\/3400043.3400046","relation":{},"ISSN":["0095-0033","1532-0936"],"issn-type":[{"value":"0095-0033","type":"print"},{"value":"1532-0936","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,5,13]]},"assertion":[{"value":"2020-05-18","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}