CCE Theses and Dissertations

Date of Award


Document Type


Degree Name

Doctor of Philosophy in Information Systems (DISS)


Graduate School of Computer and Information Sciences


Gurvirender P. Tejay

Committee Member

Ling Wang

Committee Member

Kinberley Dunkerley


Due to the importance of small and medium-sized enterprises (SMEs) as drivers of economic growth, it is essential to explore the security issues impacting SMEs' success and failure. One of the main security risks that could significantly impair the operability of the organizations is the permanent loss of data due to man-made and/or natural disasters and interruptions. Research has shown that SMEs are not taking disaster preparedness for their computer and networking systems as seriously as they should. This dissertation is an attempt to explain the process of a risky choice, specifically the decision maker's choice of not investing in disaster recovery technologies (DRT) to protect the firm. This study applied a revised model of determinants of risky decision-making behavior suggested by Sitkin and Weingart (1995) to a context of DRT investment in the real world. The model was empirically tested using survey data collected from a list of technology investment decision makers of SMEs located in the northeastern United States. Analysis and results of the collected survey data suggest the revised model can be applied to the real world context. The executive's characteristics, experience, and traits such as positive outcome history, risk propensity, risk perception, and decision framing influence the decision to invest in data protective technologies in SMEs. Specifically, the results of the analysis indicated that risk propensity is affected by outcome history and risk perception is affected by decision framing. In addition, risk propensity affected risk perception and risk perception affected the choice of DRT investment. Furthermore, decision framing had moderate effect on DRT investment