A Conceptual Model for the Organisational Adoption of Information System Security Innovations

Information System (IS) Security threats is still a major concern for many organisations. However, most organisations fall short in achieving a successful adoption and implementation of IS security measures. In this paper, we developed a theoretical model for the adoption process of IS Security innovations in organisations. The model was derived by combining four theoretical models of innovation adoption, namely: Diffusion of Innovation theory (DOI), the Technology Acceptance Model (TAM), the Theory of Planned Behaviour (TPB) and the Technology-Organisation-Environment (TOE) framework. The model depicts IS security innovation adoption in organisations, as two decision proceedings. The adoption process from the initiation stage until the acquisition of innovation is considered as a decision made by organisation while the process of innovation assimilation is assumed as a result of the user acceptance of innovation within the organisation. In addition, the model describes the IS Security adoption process progressing in three sequential stages, i.e. pre-adoption, adoption- decision and post-adoption phases. The model also introduces several factors that influence the different stages of IS Security innovation adoption process. This study contributes to IS security literature by proposing an overall model of IS security adoption that includes organisational adoption and user acceptance of innovation in a single illustration. Also, IS security adoption model proposed in this study provides important practical implications for research and practice.