Relationships between need-pull/technology-push and information security management and the moderating role of regulatory pressure

Information security management (ISM) has become more important than ever, as the expansion of corporate information systems and the use of networks continue to increase. Many organizations consider ISM an important part of organizational innovation and key to strategic and operational efficiency. Managers require a firm understanding of the behavioral aspect of ISM, particularly of how their firms’ internal and external characteristics affect the ISM process. This study draws on need-pull–technology-push (NP–TP) theories and employs data on information security users to investigate the NP and TP factors influencing the awareness, development, and performance stages of ISM. This study also examines the moderating role of regulatory pressure in those relationships. The research model is tested with data taken from a random sample of global organizations obtained through the Korea Composite Stock Price Index, the Korean Securities Dealers Automated Quotation, and the Korea Foreign Company Association. The results indicate that all NP–TP variables had positive effects on the ISM process (with the exception of perceived benefits). Moreover, regulatory pressure had positive effects as a moderator between ISM awareness and ISM development and performance.