Moderating role of entrepreneurial orientation on the relationship between information security management and firm performance in Kenya

Abstract

The purpose of this study was to investigate the moderating role of entrepreneurial orientation (EO) on the relationship between information security management (ISM) and firm performance in Kenya. Research has shown that in an environment of dynamic technology and shortened product and business model lifecycles, firms may benefit from adopting both an EO and strategic entrepreneurship in their quest for sustained competitive advantage. Technological advances contribute to market imperfections, in turn leading to the formation of entrepreneurial opportunities, a demonstration that technological entrepreneurship transforms promising technologies into value. However, increasing dependence on technology by organizations to drive businesses and to create a competitive advantage makes ISM for organizations extremely challenging. Companies suffer significant financial and reputational damage due to ineffective ISM, severely impacting firm's performance and their market valuation. This study tested the null hypotheses that top management commitment, information security policy enforcement, human-related information security issues, IT competence, and information security risk assessment have no relationship with firm performance in Kenya and the null hypothesis that, EO does not moderate the influence of ISM on firm performance in Kenya. Positivism paradigm approach and mixed method research guided by cross-sectional survey design was adopted in this study. The target population for this study were the medium-sized companies in Kenya, and the respondents were the IT managers of these firms. The study used a census approach. A selfadministered,

semi-structured questionnaire was used to collect primary data. Secondary data was obtained from published sources such as library, internet and research done by other scholars. The questionnaire was tested for validity and reliability. Quantitative and qualitative techniques were used to analyze the collected data with the assistance of Statistical Package for Social Sciences (SPSS) software, Ms-Excel, Analysis of Moment Structures (AMOS), SmartPLS, STATA, R-GUI and ATLAS.ti software. Analyses were conducted using a two-phase process consisting of confirmatory measurement model and confirmatory structural model. Also, moderated multiple regression (MMR) analysis was carried out by comparing ordinary leastsquares

(OLS) regression model and MMR model. The study found that top management commitment, human-related information security issues and information security risk assessment were individually significant predictors of firm performance with information security risk assessment being the most significant predictor of the three. The results also revealed that EO significantly moderated the relationship between information security management and firm performance. Overall, the study demonstrated positive relationship between technological entrepreneurship and firm performance. This study recommends that factors associated with technology need to be enhanced by including them in the mission and vision statements of firms and making them part of their code of conduct as they have the greatest impact on firm performance. EO concept should be made a management philosophy in majority of firms, and finally, firms should be encouraged to increase their entrepreneurial intensity levels for superior performance. Lastly, effective implementation of ISM is capable of creating greater gaps between the leaders and laggards in the market, thus creating a pattern that closely matches the turbulent “creative destruction” mode of capitalism known as “Schumpeterian competition”.