Investigation into the formation of information security influence: Network analysis of an emerging organisation

While prior research has been examining information security behaviours in mature environments with formal policies and practices, there is less attention paid to new or transforming environments that lack security controls. It is crucial to understand what factors affect the formation of an emerging information security environment, so that security managers can make use of the forming mechanisms to improve the security environment without relying too much on enforcement. This research adopts exponential random graph modelling to predict the occurrence of information security influence among 114 employees in a recently established construction organisation. Our empirical findings show that physically co-locating, as well as having specific senior levels and similar tenure can result in more security influence. Other contributing work relationships include the exchange of work-related advice, interpersonal trust, and seeing others as role model and long-term collaborators. The structural features of the information security influence network were also examined, which offer strategies for security managers to diffuse security behaviours within the workplace. Furthermore, specific directions for future network research were elaborated in detail.