Abstract

Data breaches are a continuing problem for managers in the digital age. Currently, there is very little guidance available to companies, and to managers in particular, on how to mitigate data breach risks arising from malicious or negligent insiders. This study uses hypothetical scenarios to examine the factors impacting employees’ intentions to violate an organization’s information systems (IS) security policies. Specifically, the research attempts to understand the role of gender in the relationship between moral beliefs, understandability of the security policy, underlying moral issue (necessity vs. metaphor of the ledger), and intentions to violate the security policy. Our results suggest that moral beliefs and understandability of the security policy lower intentions to violate the policy, and do so differently depending upon one’s gender and the underlying moral issue. Data was gathered from 173 students using an online survey tool and analyzed using multiple regression. We examined regression assumptions and found no major issues. The study has several practical and theoretical implications. The findings suggest that using ethical and gender perspectives provides additional insight into IS security non-compliance issues. The findings could help IS security managers as they develop effectual security policies and devise more effective training programs.
