Expressing opinions about information security in an organization: the spiral of silence theory perspective

Abstract

Purpose Expressing views on organizational information security (IS) by employees is vital for improving security processes, policies and trainings, while non-communication may conceal the true state of the human factor of IS and lead to security breaches. The purpose of this paper is to introduce the concept of opinion expressing about organizational IS, provide an explanatory model based on the theory of spiral of silence and offer its empirical validation. Design/methodology/approach Data from a web-based survey among the employees of one the universities in the European Union (n = 504) was analyzed with regression analysis to investigate the proposed hypotheses. Findings The study reveals that employees with positive opinions about IS will be more willing to share their opinions with coworkers and management. However, when employees perceive that their pro-IS opinions are not shared by other coworkers, they will remain silent, which increases the risk of problematic opinions spreading throughout the organization. Research limitations/implications The study highlights the need to focus on the communication perspectives of organizational information security, an area often overlooked in the human factor of information security research. Practical implications The results highlight the need to examine the gap between the dominant climate of opinion about IS in the organization and the display of compliant IS behaviors in order to strengthen IS endeavors. Organizations are encouraged to facilitate open dialogue about IS processes, policies and training and implement mechanisms for considering employees’ feedback in order to improve the organization’s IS. Originality/value The study contributes to a growing body of research that moves beyond viewing employees merely as subjects of compliance, recognizing instead their agency in IS issues that can enhance organizational resilience. To the best of the authors’ knowledge, this is the first study to apply the spiral of silence theory in the IS field, thereby helping to overcome the lack of communication science perspectives in organizational IS research.