Abstract

Although providers’ decision makers constantly emphasize a low IT security risk (ITSR) in the Cloud, numerous serious IT security incidents have occurred over the last few years. Considering the theoretical availability of effective safeguards against most of these risks, it seems that in many cases, the Cloud providers’ decision makers may have underestimated the ITSRs. Psychological research terms comparable phenomena “unrealistic optimism”. While prior research has intensively studied the ITSR perceptions of (potential) Cloud customers, the provider side has been completely neglected. In general, even though correct IT security risk assessments are the foundation for effective IT security risk management in organizations, no research has been dedicated to the effects of organizational decision makers’ subjective ITSR perceptions on the implementation of necessary safeguards. Even more importantly, little or no attention has been paid to the existence and consequences of possible systematic errors in ITSR perceptions. Against this backdrop, the first part of this thesis adds a new perspective to the stream of organizational IT security risk management literature, one that sheds light on the importance of decision makers’ ITSR perceptions. Drawing on psychological risk perception theory, we propose an extended theoretical IT security risk management model that explicates how the subjective ITSR perceptions of decision makers predict the outcome of providers’ IT security risk management. Additionally, we transfer established methods of measuring unrealistic optimism to the IT context, which enables us to systematically capture and analyze a potential underestimation of the ITSRs on the provider side.
Based on a large-scale empirical study of Cloud providers located in North America, we reveal that in many cases, the providers’ decision makers significantly underestimate their services’ ITSR exposure, which inhibits the implementation of necessary safeguarding measures. We also demonstrate that even though the prevalence of ITSR perceptions among customers considering Cloud adoption is widely recognized, providers only pay very limited attention to the concerns expressed by customer companies. In this regard, the specific characteristics of the Cloud and the systematic underestimation of ITSRs by providers’ decision makers are likely to cause serious disagreements with (potential) customers about the ITSRs of the Cloud. Drawing on perceptual congruence literature, the second part of this thesis examines matched survey responses of Cloud providers and their (potential) customers located in Germany, showing a consistent pattern of perceptual differences across all ITSRs relevant to the Cloud. In this context, this thesis proposes an extended theoretical model of Cloud adoption that reveals that this disagreement has strong adverse effects on important downstream beliefs
