Graduate School of Business


Doctor of Business Administration (DBA)


Gayle R. Jesse


Construction, Cyber Security, UTAUT, Small Business


Business | Computer Sciences


This qualitative study described the influence of small businesses’ failure to properly implement information security technologies resulting in the loss of sensitive and proprietary business information. A collective case study approach was used to determine the most effective way to gain a holistic picture of how small construction businesses make security technology implementation decisions to support their workforce. The theory guiding this study was the Unified Theory of Acceptance and Use of Technology (UTAUT) model which is related to the Theory of Planned Behavior and the Technology Acceptance Model which helped explain the intentions of individuals to use information systems. Security policies and threats (insider and cyber) were also looked at during this study. Data collection methods included questionnaires, interviews, document reviews, journaling, and webpage scans to provide insight into security information technology use. The results of this study indicated small construction businesses rely heavily on third-party information technology venders to perform security functions. This security model has led to several of the businesses experiencing cyber security incidents and the businesses being more reactive in responding to cyber-attacks. Deficiencies with planning for system implementations also impacted how employees thought and used the businesses’ security information systems. The study’s results indicated employee’s behavior intention and use behavior was highly impacted by the age moderator with older employees more likely to display a lower behavior intention and use behavior for using systems.