A Psychometric Study of Information Technology Risks in the Workplace

As organizations become increasingly reliant on information technology (IT) they are exposed to a growing number of risks. Surprisingly, however, very few studies to date have investigated the psychometric representation of IT risks, and none have been undertaken in the workplace. Accordingly, the present study was designed to map the judgments of a representative group of workplace IT users. Fifty‐seven participants evaluated 18 IT risk scenarios by means of 13 bipolar attribute‐rating scales. Profile proximities derived from the raw data were submitted to a weighted multidimensional scaling analysis. The results indicated that a six‐dimensional solution was required on both statistical and conceptual grounds to represent adequately the participants' judgments. The dimensions reflected the extent to which the various risk scenarios were perceived as: (1) serious or minor in nature; (2) having a high or low probability of occurrence; (3) causing a high or low degree of stress; (4) deliberate or accidental; (5) having an impact on the organization or on individuals; and (6) the product of human or technological causes. The data were also submitted to a series of hierarchical cluster analyses, using a variety of agglomeration techniques. This second approach revealed a robust structure in which the risk scenarios were grouped into two broad categories, based on whether the events depicted would be likely to have a major or minor impact. The major impact category broke down further, into two subcategories, based on whether the scenarios were seen to arise from deliberate causes or through negligence. In conclusion, we consider the implications of our findings for future research, the refinement of IT risk assessment frameworks and tools, and the training of risk management professionals.