Abstract Information security (infosec) is important for organizations. While budgeting for infosec is a crucial resource allocation decision, infosec managers may choose to follow other fellow experts’ recommendations or baseline practices. The present paper uses reputational herding theory to explain the decision made by infosec managers to use a “let's follow others” strategy in this context. Based on a sample of 106 organizations in Finland, we find that infosec managers’ ability to accurately predict the benefit of infosec investment, as well as their reputations, have significant effects on motivating them to discount their own information. Infosec managers’ discounting of their own information, together with the strength of information that relates to infosec investment and mandatory requirements, motivates infosec investment. Our empirical results highlight the “let's follow others” strategy as an important alternative to cost–benefit analysis in terms of budgeting for infosec investment.

中文翻译：

---

我们要跟随吗？声誉关注对信息安全管理者投资决策的影响

摘要 信息安全 (infosec) 对组织很重要。虽然信息安全预算是一项至关重要的资源分配决策，但信息安全经理可能会选择遵循其他专家的建议或基线实践。本文使用声誉羊群理论来解释信息安全经理在这种情况下使用“让我们跟随他人”策略的决定。基于芬兰 106 家组织的样本，我们发现信息安全经理准确预测信息安全投资收益的能力以及他们的声誉，对激励他们打折自己的信息有显着影响。信息安全管理人员对自己信息的贴现，以及与信息安全投资和强制性要求相关的信息强度，激发了信息安全投资。