Graduation Year

2024

Document Type

Dissertation

Degree

D.B.A.

Degree Granting Department

Business Administration

Major Professor

Grandon Gill, D.B.A.

Co-Major Professor

Jay Civitillo, D.B.A.

Committee Member

Kaushik Dutta, Ph.D.

Committee Member

Hemant Merchant, Ph.D.

Keywords

cybersecurity, decision making, affective influence, top management, information security policy violation

Abstract

This dissertation is a research study that introduces the theoretical model of Relationship-Influenced Cyber Hygiene (RICH) through its investigation of the phenomenon the researcher experienced: how the interpersonal relationship between top management and cybersecurity personnel within smaller community banks influences the cyber hygiene of top management. Due to the value proposition of community banks to their clients and the limited budget of smaller institutions for investment in cybersecurity controls and initiates, community banks need additional strategies to achieve stronger cyber hygiene, especially as it relates the greatest weakness in most cybersecurity infrastructures—the human element. This study identifies and addresses a gap within current literature because existing theories and theoretical models fail to sufficiently explain and predict the phenomenon as experienced and perceived by the researcher. There are significant implications to practice surrounding this gap in literature due to the growing concern cybersecurity concerns and an ever-changing landscape rife with the interconnectivity of devices accessible through cyberspace.

To explore this phenomenon, the research study used grounded theory qualitative method because its processes are well-suited for examining phenomena and developing new theoretical models and theories from collected data. As part of the qualitative method, semi-structured interviews were selected as the data collection method. Through selective sampling, the researcher interviewed twelve participants from smaller community banks with six being members of top management and six functioning in the capacity of cybersecurity personnel respective their organization. The participants represented six community banks with one member of top management and one cybersecurity personnel from each of the six banks. Theoretical sampling was used to refine existing questions and develop new questions as needed while concurrently coding data to achieve saturation among the smaller sample size. Coding the data resulted in 102 open codes, 32 axial codes, and three selective codes with a common core category of affective relationship. Three key constructs—positive affective influence, neutral affective influence, and negative affective influence—were derived from the selective codes and used to create a theoretical model.

The primary finding of this study is the development of the relationship-influenced cyber hygiene (RICH) theory, which proposes that the affective nature of the relationship between top management and cybersecurity personnel influences the cyber hygiene of top management. This finding provides a novel theory and accompanying theoretical model that contributes to academic research and practice. The RICH theory developed through grounded theory fills the aforementioned gap in literature and provides a model that can be used to improve cyber hygiene of top management within smaller community banks and subsequently improve the cyber hygiene of the organization as well.

Download

Share

COinS