CD var/Inc:Influence of it - security on banks' competitiveness in Germany

'ABSTRACT The study questions the impact of IT security on the competitiveness of banks in Germany. Q1: Does IT Security Adoption positively influence a bank's competitiveness? Additionally the influence of the variables Human Resources, Risk Management and Strategic Alignment on the adoption of IT security standards were evaluated:Q2: 'How do the aspects 'Strategic Alignment ','Human Resources' and 'Risk Management' of a bank influence IT Security Adoption?'. The relevance relies on the need for knowledge about the impact of IT security adoption on competitiveness; it reasons that IT security has to be included into strategic planning. Secondly the knowledge about the impact of inner organizational factors on IT security is interesting, allowing optimizations in performance and cost effectiveness. A theoretical model, based on literature, was formulated. A quantitative approach is used, allowing hypothesis test, several statistical methods and generalization of results within calculable confidence intervals. An online survey, with a total of 377 persons who are employed in IT security in banks or related sectors, is conducted. The share of women (8.8%) is small compared to non-responders (14.9%) and men (76.4%) is small compared to non-responders (14.9%) and men (76.4%). A cross validation of gender shows no significant effect on key variables.''Structural Equation Modelling' ensures the statistical validity of the results. As the key variables are latent, reflective modelling is modelling is employed. Every latent construct is represented by four items. Every sinlge item meets the criteria of near-normality for employtment of SEM with GLS estimation . Reliability is measured in three steps. Construct reliability is proven via Cronbach's Alpha; every variable reaches excellent values of 0.85. EFA and correlation-matrix show good matches for measurement . Model fit is estimated with AGFI=0.92, RMR=0.09 and RMSEA=0.04; showing good fit and no potential for improvements. The casual analyses were done in SEM full model. The results were explicit: Hypothesis H 1 (the impact of IT Security Adoption on Competitiveness) can be retained.Answer to Q1: Yes, IT Security Adoption positively influences bankscompetitiveness, with a middle-sized impact (v=0.37. Question Q2 lead to hypotheses H2-H4. Hypothesis H2 is retainable , with a strong impact (v=0.47) of Strategic Alignment on IT security adoption. H3:Human Resources have a weak-sized impact (y=0.28) on IT security adoption. H4: Risk Management is falsified , it has no impact ( v=0.07) The answer for Q2: Strategic Alignment has a big and Human Resources a weak positive impact on IT Security Adoption. Risk Management has no measurable impact. Key words: bank; banking; competitiveness;empirical;financial;Germany;human resources; IT; risk management; security; SEM; survey. '

1 RESEARCH INTEREST AND RELEVANCE

1 Bank's importance for society and importance of IT security for banks

6 Research questions and structure of this study

10 Focusing on German Banks; preconditions and relevance of the study

10 Banks as actors in the societal subsystem economy

12 Germany as financial key market

13 Generating scientific usable knowledge

16 LITERATURE REVIEW AND CONCEPTUALIZATION OF THE THEORETICAL MODEL

16 IT as a central element of banking service

19 Threats for IT Security

24 Conceptualization the Casual Model

26 Defining Competitive and its dimensions

28 Conceptualization IT Security - It Security Adoption

31 Human Resources- Security awareness of the employees

35 Risk Management- Dealing with threats for the IT Security

38 Strategic Alignment

41 METHODOLOGY FOR THE EMPIRICAL ANALYSES

41 Operationalization of the latent constructs

43 Quantitative versus qualitative approaches

43 Qualitative methods

44 Quantitative methods

46 Selecting sampling method -the online survey

48 Quantitative data analysis strategy: Regression vs. SEM

50 Advantages of SEM

51 Building complex structured models

51 Differentiation between latent and manifest variables

52 Correction of measurement errors

53 Model Fit

55 Finding effects of not-included variables

55 A posterior modifications of the model

56 Requirements of SEM

56 Dealing with missing data

57 The number of measuring items-model complexity

58 The sample size determination based on model complexity

58 Demands on sample size

59 The sample size determination based on model complexity

61 Determination of the sample size based on effect size for the effect of the sample

62 Description of the sample

62 Total size of the sample, privacy concerns, dropout of variables

64 Gender of participants

65 Age of the respondents

66 Formal education of interviewees

67 Current department of the interviewees

68 Current position of the interviewees

70 STATISTICAL ANALYSES

70 The statistical procedure

73 Description statistics : Manifest variables of endogenous latent constructs

73 Dependency on distribution of data and implications of content

75 IT Security Adoption

78 Competitiveness

81 Cross validation of demographic or positional impacts on the endogenous variables

84 Description Statistics: Manifest variables of exogenous latent constructs

84 Human resources

87 Risk Management

89 Strategies Alignment

92 Model Validation

92 Findings of the descriptive analyses for model validity

93 Correlations between measurement variables

95 Explanatory Factor Analyses (EFA)

98 Confirmatory Factor Analyses of full model (CFA)

103 CASUAL ANALYSES

103 SEM Full Model

105 The inner model - Theoretical implications of the empirical anlyses

108 CONCLUSION

108 Summarizing the study

112 Further questions for future studies

113 REFERENCE

120 APPENDİX

120 Survey Questionnaire

121 Curriculum Vitae