Score contribution per author:
α: calibrated so average coauthorship-adjusted count equals average raw count
Much information security research focuses on policies firms could adopt to reduce or eliminate employees’ violation behavior. However, current information security policies are based on increasingly outmoded models of compliance behavior. This paper proposes a novel behavioral-based mechanism that offers rewards and punishments to incentivize employees to take the time to protect a company's information assets. This new mechanism is grounded in insights from externality taxes and subsidies, as well as from behavioral economics, that specific incentives operationalized as monetary rewards and punishments effectively improve information security compliance. We also consider the importance of detection in implementing our mechanism. We conduct a set of laboratory experiments to study the impact of the rewards and punishments, as well as the importance of the probability of detection.