Paul Benjamin Lowry

Paul Benjamin Lowry
Virginia Polytechnic Institute and State University | VT · Department of Business Information Technology

Ph.D.

About

291
Publications
348,768
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
11,660
Citations
Introduction
I perform research in four areas, all of which I also research from international- and cross-cultural perspectives: (1) IT security and compliance issues (2) HCI and Decision Science (3) E-commerce and supply chains (4) Scientometrics
Additional affiliations
September 2018 - present
Virginia Polytechnic Institute and State University
Position
  • Chair
August 2016 - August 2018
The University of Hong Kong
Position
  • Professor (Full)
July 2011 - August 2016
City University of Hong Kong
Position
  • Associate Professor (thru 2014); Full Professor (thru 2016)
Education
September 1999 - April 2002
The University of Arizona
Field of study
  • Management Information Systems

Publications

Publications (291)
Article
This research investigates the factors that motivate employees to protect their organizations from information security threats via protection-motivated behaviors (PMBs). A model founded on Protection Motivation Theory (PMT) and several rival explanations is assessed using data from 380 employees from a wide variety of industries in the U.S. Severa...
Article
Full-text available
Information systems (IS) journal rankings and ratings help scholars focus their publishing efforts and are widely used surrogates for judging the quality of research. Over the years, numerous approaches have been used to rank IS journals, approaches such as citation metrics, school lists, acceptance rates, and expert assessments. However, the resul...
Article
Full-text available
Access policy violations by organizational insiders are a major security concern for organizations because these violations commonly result in fraud, unauthorized disclosure, theft of intellectual property, and other abuses. Given the operational demands of dynamic organizations, current approaches to curbing access policy violations are insufficie...
Article
Full-text available
Hedonic-motivation systems (HMS) — systems used primarily to fulfill users’ intrinsic motivations — are the elephant in the room for IS research. Growth in HMS sales has outperformed utilitarian-motivation systems (UMS) sales for more than a decade, generating billions in revenue annually; yet IS research focuses mostly on UMS. In this study, we ex...
Article
Full-text available
Online whistle-blowing reporting systems (WBRS) are becoming increasingly prevalent channels for reporting organizational failures. The Sarbanes-Oxley Act and similar international laws require firms to establish whistle-blowing (WB) procedures and WBRS, thus increasing the importance of WB research and applications. Although the literature has add...
Article
Full-text available
Reports indicate that employees are willing to share sensitive information under certain circumstances, and one-third to half of security breaches are tied to insiders. These statistics reveal that organizational security efforts, which most often rely on deterrence-based sanctions to address the insider threats to information security, are insuffi...
Article
Full-text available
Companies in platform-based business markets have widely embraced freemium business models, in which profit is primarily determined by a minority of paying customers. However, the key challenge of these models is transitioning participants from free users to paying consumers. To encourage paid consumption, companies often rely on product differenti...
Article
Full-text available
Exchanging social support on online health communities (OHCs) can be beneficial to people's health, but the OHC characteristics that promote environments in which users feel socially supported are understudied. We develop a model that examines the mediating influence of OHC cohesiveness, altruism, and universality on the relationships between activ...
Article
Full-text available
Despite widespread agreement among practitioners and academicians that organizational insiders are a significant threat to organizational information systems security, insider computer abuse (ICA)-unauthorized and deliberate misuse of organizational information resources by organizational insiders-remains a serious issue. Recent studies have shown...
Article
Full-text available
Companies in platform-based business markets have widely embraced freemium business models where profit primarily depends on a minority of paying customers. However, the key challenge of these models is transitioning participants from free users to paying consumers. To encourage paid consumption, companies often rely on product differentiation such...
Article
Full-text available
Although there is a growing understanding of theory building in the information systems (IS) field, what constitutes IS theory remains the subject of intense debate. Following Weick's recommendation to focus on the products of theorizing rather than on what theories are, we assemble and analyze 12 products: question; paradigm; law, framework, myth,...
Article
Full-text available
Background: Despite widely implemented, enterprise systems remain an unsettled role in organizational innovation. This study purposes to address the effects of enterprise systems (ES) on firm innovation by adopting resource-based theory and capability building theory to focus on ES-enabled competence, rather than ES investment or implementation. ES...
Article
Full-text available
The aim of fitness technologies, a combination of wearables and associated applications, is to support users’ health and fitness regimes. The market for fitness technologies continues to increase, and the technologies themselves are quickly advancing. However, it is unclear how effective fitness technologies are in generating wellness outcomes, and...
Article
Full-text available
A substantial amount of previous research has examined the efficacy of fear appeals to elicit security-enhancing behaviors from users. However, despite more than a decade of research on fear appeals in security contexts, researchers have yet to understand which factors drive users' responses to fear appeals. Instead, the literature is riddled with...
Article
Full-text available
The rapid digital transformations across every industry sector, accelerated partly due to the COVID-19 pandemic, have increased organizations’ use of information systems for operational and strategic purposes. These organizational responses have led to a confluence of digital, biological, and physical technologies that are revolutionizing business...
Article
Full-text available
This study examines relationships between the location of supply chain disruptions (SCDs) within the supply chain, a firm's experience with SCDs, and the disruption severity. Using organizational learning theory, we propose that an organization's prior experience with SCDs will reduce the negative influence of future disruptions. However, the locat...
Article
Full-text available
What is happening in hacker's minds when they are committing criminal activities? How black hat hackers manage nerves, which is about managing fear and underlying emotions, and which tactics they employ during their decision-making process before, during and after committing a crime, is the question that could provide some initial insights on hacke...
Chapter
Although there has been a growing understanding of theory in the Information Systems (IS) field in recent years, the process of theorizing is rarely addressed with contributions originating from other disciplines and little effort to coherently synthesize them. Moreover, the field’s view of theorizing has traditionally focused on the context of jus...
Article
Full-text available
Organizations invest heavily to develop and maintain websites to meet a variety of organizational goals, some transactional (e.g. online purchases) and others non-transactional (e.g. influencing brand attitude and disseminating product information). Although factors related to designing websites to promote transactional outcomes have been widely st...
Article
Full-text available
In this study, we investigate the nature of the influence of organizational information technology (IT) on innovation. To examine this relationship, we leverage a fundamental construct: harmonious IT affordance (HITA). HITA is defined as the degree of coalignment between three salient organizational IT affordances, each of which allows an organizat...
Article
Full-text available
Organizational information security (ISec) threats have exploded with advances in globalization and technology. Thus, organizations are scrambling to find both technical and behavioral approaches to shore up security. Whereas security technologies are crucial to these efforts, they are often rendered useless by employees' misunderstanding, careless...
Article
Full-text available
Objective With the advancement of mobile technologies, patients can access medical and patient educational information anytime and anywhere. Computer-aided patient education has been advocated as a key means of interventions for improving patient knowledge and compliance (i.e., adherence). However, evidence of the efficacy of computer-aided patient...
Article
A substantial amount of previous research has examined the efficacy of fear appeals to elicit security-enhancing behaviors from users. However, despite more than a decade of research on fear appeals in security contexts, researchers have yet to understand which factors drive users’ responses to fear appeals. Instead, the literature is riddled with...
Article
Full-text available
Gamification has taken the world by storm. Regardless of where one stands on gamification, it can aptly be described as interesting but also galvanising and controversial. We are pleased to write a provocative editorial to kick off this special issue on gamification in the European Journal of Information Systems. Our position is that the informatio...
Conference Paper
Full-text available
The COVID-19 pandemic has transformed the workspace, thrusting countless employees from organizational work settings to their homes, where they work virtually to access key organizational assets through their cyberinfrastructure. This large-scale virtual workforce imposes drastic cybersecurity issues, threats, and challenges to organizations. To on...
Conference Paper
Full-text available
Smartphone users often find mobile security notifications (MSNs) to be annoying and intrusive. MSNs are security warnings displayed on mobile interfaces designed to protect mobile phone users from security attacks. Traditionally, users are forced to choose between “Yes” (“Accept”) or “No” (“Ignore” or “Deny”) decisions in response to MSNs. However,...
Article
Full-text available
Information security (ISec) is a pervasive concern of individuals, organizations, and governments. To encourage individuals to engage in and learn about secure behaviors, ISec research has turned to fear appeals, which are short messages that communicate threats and efficacy to elicit protection motivation among recipients. However, ISec research h...
Article
Full-text available
The use and popularity of online auctions is exploding all over the world. Bidding strategies are important because they are related to an auction's final price and ultimately its revenue. This study investigates the bidding strategies adopted by online bidders and the factors of the bidders, including bidding motivations, time availability, biddin...
Article
Full-text available
The unauthorized use of personal information belonging to users of apps integrated with the Facebook platform affects millions of users. Crucially, although privacy concerns and awareness have increased, the use of these apps, and related privacy behaviors, remain largely unchanged. Given that such privacy behaviors are likely influenced by individ...
Article
Full-text available
The explosive global adoption of mobile applications (i.e., apps) has been fraught with security and privacy issues. App users typically have a poor understanding of information security; worse, they routinely ignore security notifications designed to increase security on apps. By considering both mobile app interface usability and mobile security...
Article
Full-text available
Communication via a social network function enabled by social media has greatly empowered consumers' secondary crisis communication, as compared to a firm's crisis communication, and has thus changed corporate crisis management. This study aims to uncover consumers' decision process of engaging in secondary crisis communication in a social media co...
Article
Full-text available
Purpose The physical internet (PI) is an emerging logistics and supply chain management (SCM) concept that draws on different technologies and areas of research, such as the Internet of Things (IoT) and key performance indicators, with the purpose of revolutionizing existing logistics and SCM practices. The growing literature on the PI and its note...
Article
Full-text available
Given the global increase in crippling cyberattacks, organizations are increasingly turning to cyberthreat intelligence (CTI). CTI represents actionable threat information that is relevant to a specific organization and that thus demands its close attention. CTI efforts aim to help organizations “know their enemies better” for proactive, preventive...
Article
Researchers and practitioners have long believed that information technology (IT) is a key tool for fostering innovation. However, there is a certain inconsistency in the literature, which makes it challenging for researchers to figure out exactly how and why IT plays such a pivotal, strategic organizational role. The motivation for this research i...
Article
Full-text available
Never in history have global supply-chain relationships in high-tech electronics firms been more sophisticated, complicated, and almost always tied in some major aspect to China. This research examines how interorganizational (IO) cooperation impacts performance and what role relationship learning and information technology (IT) integration play in...
Article
Full-text available
Purpose This article reports the results from a panel discussion held at the 2019 European Conference on Information Systems (ECIS) on the use of technology-based autonomous agents in collaborative work. Design/methodology/approach The panelists (Drs Izak Benbasat, Paul Benjamin Lowry, Stefan Morana, and Stefan Seidel) presented ideas related to a...
Article
Given the global increase in crippling cyberattacks, organizations are increasingly turning to cyberthreat intelligence (CTI). CTI represents actionable threat information that is relevant to a specific organization and that thus demands its close attention. CTI efforts aim to help organizations “know their enemies better” for proactive, preventive...
Article
Full-text available
We conducted a design-science research project to improve an organization’s compound problems of (1) unsuccessful employee phishing prevention and (2) poorly received internal security training. To do so, we created a gamified security training system focusing on two factors: (1) enhancing intrinsic motivation through gamification and (2) improving...
Conference Paper
Full-text available
The advent of Internet of Things (IoT) technology exponentially increases the collection of new information types in consumers’ lives from various sensors. However, many consumers do not fully recognize the potential privacy and security risks (PSR) associated with IoT. Those who are aware rarely take action to protect their personal information be...
Article
Full-text available
Brief article about success recommendations for current and future business Ph.D. students.
Data
In this appendix, we classify literature on the Physical Internet. The category for each study can be found in the first column: C: Conceptual research; A: Assessment research; S: Solutions design research; V: Validation research; L: Literature research. The theme is classified as follows: BM: PI business models; CM: PI cooperation models; LF: Leg...
Article
Full-text available
Scholars are increasingly calling for a deeper understanding of cyberharassment (CH) with the goal of devising policies, procedures, and technologies to mitigate it. Accordingly, we conducted CH research that (1) integrated social learning theory (SLT) and self-control theory (SCT); (2) empirically studied this model with two contrasting samples, e...
Article
Full-text available
Protecting organizational information is a top priority for most firms. This reality, coupled with the fact that organizational insiders control much of their organizations' valuable information, has led both researchers and practitioners to acknowledge the importance of insiders' behavior for information security (InfoSec). Until recently, researc...
Article
Full-text available
Purpose: This article reports the results from a panel discussion held at the 2019 European Conference on Information Systems (ECIS) on the use of technology-based autonomous agents in collaborative work. Approach: The panelists (Drs. presented ideas related to affective and cognitive implications of using autonomous technology-based agents in term...
Article
Full-text available
Researchers and practitioners have long believed that information technology (IT) is a key tool for fostering innovation. However, there is a certain inconsistency in the literature, which makes it challenging for researchers to figure out exactly how and why IT plays such a pivotal, strategic organizational role. The motivation for this research i...
Article
Full-text available
Recent research has shown that typically law-abiding people perceive the act of illegal downloading as less unethical than other illegal acts. A major thrust of today's digital piracy research is indeed to understand how emerging social norms influence consumer perceptions and lead to rationalisations that justify antinormative behaviour despite mo...
Article
Full-text available
There is a growing body of research about the influence of users’ perceived stress on their social networking site (SNS) usage behaviors. In general, stress negatively leads to a reduction in SNS usage (e.g., discontinuous use and self-disclosure). However, very little research has examined how SNS users strive to resolve stress problems from a pos...
Article
Full-text available
Higher education institutions (HEIs) are progressively computerized to deal with substantial academic and operational information. With the increase in enriched information systems (IS) comes the potential hazard of malicious exposure to internal and external threats. This academic sector is advancing in the implementation of technical security con...
Article
Full-text available
Since the start of human civilisation, storytelling has served as an effective medium for disseminating important knowledge within families, communities, and organisations. We make a case for the use of visual storytelling, namely, video stories, to supplement traditional scholarly articles in the Information Systems (IS) discipline, thereby explor...
Article
The explosive global adoption of mobile applications (i.e., apps) has been fraught with security and privacy issues. App users typically have a poor understanding of information security; worse, they routinely ignore security notifications designed to increase security on apps. By considering both mobile app interface usability and mobile security...
Article
Full-text available
More than a decade ago, Lowry & Turner (2005) provided evidence-based recommendations regarding what students of information systems (IS) management education should learn and how should they learn it. Although their recommendations for how IS management should be taught remain valid, these recommendations need to be updated to account for recent a...
Article
Full-text available
During an online session, a user may visit a number of websites, often following hyperlinks from one website to the next or using a search results page to find and visit pages of interest. In doing so, the user can lose track of which sites were visited and which were helpful in meeting the intended objective. Consequently, sites that may have prov...
Conference Paper
Full-text available
Purpose: This article reports the results from a panel discussion held at the 2019 European Conference on Information Systems (ECIS) on the use of technology-based autonomous agents in collaborative work. Approach: The panelists (Drs. Izak Benbasat, Paul Benjamin Lowry, Stefan Morana, and Stefan Seidel) presented ideas related to affective and cog...
Preprint
Full-text available
It is crucial that beginning and emerging academics learn some of the key rules about citing articles and giving proper attribution of ideas. In this article, I cover some of the basics that students and emerging scholars must pay attention to. First, I discuss the importance of accurately citing articles, and how to avoid mistakes in providing att...
Article
Full-text available
Although there has been a growing understanding of theory in the information systems field in recent years, the process of theorizing is rarely addressed with contributions originating from other disciplines and little effort to coherently synthesize them. Moreover, the field’s view of theorizing has traditionally focused on the context of justific...