Human factors in information leakage: mitigation strategies for information sharing integrity
| Date | 08 July 2019 |
| Published date | 08 July 2019 |
| Pages | 1242-1267 |
| DOI | https://doi.org/10.1108/IMDS-12-2018-0546 |
| Author | Wai Peng Wong,Hwee Chin Tan,Kim Hua Tan,Ming-Lang Tseng |
| Subject Matter | Information & knowledge management |
Human factors in information
leakage: mitigation strategies for
information sharing integrity
Wai Peng Wong and Hwee Chin Tan
School of Management, Universiti Sains Malaysia,
Penang, Malaysia
Kim Hua Tan
University of Nottingham, Nottingham, UK, and
Ming-Lang Tseng
Institute of innovation and circular economy,
Asia University, Taichung City, Taiwan and
Department of Medical Research,
China Medical University Hospital, Taichung City, Taiwan
Abstract
Purpose –The purpose of this paper is to explore the human factors triggering information leakage and
investigate how companies mitigate insider threat for information sharing integrity.
Design/methodology/approach –The methodology employed is multiple case studies approach with
in-depth interviews with five multinational enterprises (MNEs)/multinational corporations (MNCs).
Findings –The findings reveal that information leakage can be approached with human governance
mechanism such as organizational ethical climate and information security culture. Besides, higher frequency
of leakages negatively affects information sharing integrity. Moreover, this paper also contributes to a
research framework which could be a guide to overcome information leakage issue in information sharing.
Research limitations/implications –The current study involved MNCs/MNEs operating in Malaysia,
while companies in other countries may have different ethical climate and information sharing culture. Thus,
for future research, it will be good to replicate the study in a larger geographic region to verify the findings
and insights of this research.
Practical implications –This research contributes to the industry and business that are striving toward
solving the mounting problem of information leakage by raising awareness of human factors and to take
appropriate mitigating governance strategies to pre-empt information leakage. This paper also contributes to
a novel theoretical model that characterizes the iniquities of humans in sharing information, and suggests
measures which could be a guide to avert disruptive leakages.
Originality/value –This paper is likely an unprecedented research in molding human governance in the
domain of information sharing and its Achilles’heel which is information leakage.
Keywords Information sharing, Human governance, Information security culture, Information leakage,
Organization ethical climate
Paper type Research paper
1. Introduction
Advocates of information sharing had highlighted the potential benefits of using valuable
information to improve overall organization performance (Fawcett et al., 2007; Kembro et al.,
2017). Information sharing isinstrumental to foster collaboration and strengthenrelationships
among employees within an organization and across organizations with business partners
(Lee and Whang, 2000).However, the advantages of information sharing can only be realized
when the informationshared between the sender and the receiveris integral, wholesome and
Industrial Management & Data
Systems
Vol. 119 No. 6, 2019
pp. 1242-1267
© Emerald PublishingLimited
0263-5577
DOI 10.1108/IMDS-12-2018-0546
Received 6 December 2018
Revised 18 February 2019
31 March 2019
Accepted 7 April 2019
The current issue and full text archive of this journal is available on Emerald Insight at:
www.emeraldinsight.com/0263-5577.htm
The authors would like to thank the Academy of Sciences Malaysia, British Academy and
Newton-Ungku Omar Fund (Grant No. 304/PMGT/650912/B130) and Fundamental Research Grant
Scheme (203/PMGT/6711513) to complete this research project.
1242
IMDS
119,6
undistorted (Durugbo et al., 2014; Kwon and Suh, 2005). In other words, the value of the
informationshared remains intactand uncontaminated. In many cases,inaccurate or distorted
information creates chaos and disruption to the organization (Cannella et al., 2015; Dai et al.,
2016; Kwak and Gavirneni, 2015). The fearful causeof information inaccuracy and distortion
in information sharing is internal information leakage.
Many information sharing specialists believe that promoting technology to protect
information against external attacks is an important method for making information
sharing effective within organizations (Stoneburner et al., 2002; Sumner et al., 2012).
Surprisingly, although organizations always have been concerned about vulnerability to
external threats, recent industry research indicates that a substantial amount of
information leakage incidents actually originated from within the organization
(Padayachee, 2016; Stanton et al., 2005). This is copiously supported by the Global
Data Leakage Report 2016 of InfoWatch. Its latest issue of information leakage in 2016
shows that among the data leaks logged, 38.2 percent of the cases were triggered by
external attacks, while 61.8 percent were caused by internal offenders (InfoWatch, 2016).
These insider leakages are major concerns and constitute the primary attention of
this research.
Information leakage refers to the act of intentional or unintentional disclosure of
information to an unauthorized party (Anand and Goyal, 2009). Practically all companies are
familiar to insiders posing risks due to their legitimate access to their organizations’
facilities, assets and valuable information (Colwill, 2009; Hunker and Probst, 2011;
Magklaras and Furnell, 2005). These insiders will likely know how to achieve the greatest
impact while leaving behind little or no evidence (Colwill, 2009). These harmful loss and
disclosures of business information are cited in business reports; and industry experiences
have shown information leakage propagated by authorized user or insider threats are
continually succeeding in harming organizations (Huth et al., 2013). Therefore, insiders are
among the greatest threat to the organization and insider leakage should be curbed if
organizations want to gain competitive advantage through information sharing (Huong
Tran et al., 2016; Tan et al., 2016; Zhang et al., 2012).
This study is important because the protection of confidential data against leakage is a
growing concern going by the leakage statistics (InfoWatch, 2016). Apparently, the
traditional way of protection using information security policies and conventional security
mechanisms such as firewalls, virtual private networks and intrusion detection systems
continue to succumb to the exploits of insiders and outsiders alike (Alneyadi et al., 2016;
InfoWatch 2016). Regrettably, these mechanisms lack proactiveness in pr otecting
confidential data.
We posit that the inherent complexities of the insider threat impacting information
leakage and the integrity of information sharing call for an examination of human factors.
Thus, the overarching goal of this research is to investigate how companies could mitigate
leakage caused by insider attacks in information sharing. Specifically, we wish to address
the following research questions:
RQ1. Why does information leakage happen?
RQ2. How could information leakage impact information sharing integrity?
RQ3. How could information leakage be mitigated?
The findings from this study will enable managers to make better-informed decisions to
help them develop appropriate mitigation and governance strategies in order to maintain
the consistency, accuracy and reliability information in their organizations (Nayar, 2004).
The exploratory nature of this study dictated that a qualitative, multiple case study
approach should be adopted. The study involved a total of five multinational companies
1243
Human factors
in information
leakage
To continue reading
Request your trial