IS security threats have increased significantly in recent years. We identified the gaps between manager perceptions of IS security threats and the security countermeasures adopted by firms by collecting empirical data from 109 Taiwanese enterprises. Industry type and organizational use of IT were seen as the two factors that affected the motivation of firms to adopt security countermeasures, but their implementation did not necessarily affect the threat perceptions of the managers. Analyses of responses suggested that the scope of the countermeasures adopted were not commensurate with the severity of the perceived threats. Among the threats, networks were rated as contributing the most severe threat and yet had the lowest level of protection, this was followed by threats due to personnel and administrative issues. We therefore addressed threat mitigation strategies, specifically in terms of the differences between industries. ? 2007 Elsevier B.V. All rights reserved.
