A mixed methods study of information security technology adoption in banking organizations

An investigation into the adoption of information security technology by banking organizations is conducted using a mixed methods approach that combines both quantitative and qualitative analyses techniques. A theoretically-based security technology adoption model is proposed based on review and meta-analysis of relevant literature. The proposed research model posits that the perceived compatibility of organizational security requirements with security technology characteristics positively affects security technology adoption and that perceived complexity, as determined by organizational security capabilities and security technology characteristics, negatively affects security technology adoption. The model provides a basis for the development of hypotheses that are statistically tested using data collected via survey. To supplement the analyses, a single case study of a large banking organization's information security technology adoption process is also conducted to examine how banking organizations make decisions to adopt information security technologies. Results from the quantitative analysis of data collected via the survey are triangulated with findings from the qualitative case study to identify a number of factors affecting the phenomena of information security technology adoption in banks.