Organisational characteristics as antecedents of enterprise security risk management adoption in Kenya's accredited universities

Academic institutions today are experiencing a legion of security risks that are increasingly impeding their mission of producing high-quality graduates, guarding reason and educational integrity, and ultimately advancing human civilisation. The Enterprise Security Risk Management (ESRM) model represents a potential solution to the dynamic threats that accredited universities face today. However, ESRM adoption is largely absent, slow, and inconsistent in Kenya's accredited universities. Only a few attempts have been made to understand what drives security risk management adoption in these universities. Based on seven in-depth interviews with Chief Security Officers across larger accredited universities in Kenya and utilising an overarching innovation adoption model, we examine the organisational predictors of ESRM adoption in these universities. Within the limitations of this study, the data collected highlight the fundamental role of university executive commitment, security governance, and security risk management training in enhancing the diffusion of ESRM systems in universities. We have discussed managerial implications and suggested future research directions.