The increasing threat to information security has created institutional pressures on organizations to comply with information security policies and standards. This paper presents an empirical study to investigate the impact of institutional pressures (coercive, normative, and mimetic) on information security compliance in organizations. The results show that coercive pressures that are manifested by regulatory agencies, normative pressures that are exerted through social pressures, and mimetic pressures that are manifested by security benefits positively influence information security compliance in public organizations. Furthermore, the results reveal that regulation and security benefits generate pressures on management to strengthen their commitments towards information security compliance in organizations. It is, however, worthwhile to notice that social pressures do not have a significant impact on management commitments towards information security compliance. The implications of this study indicate the criticality of institutional pressures for enhancing information security compliance in public organizations both directly and indirectly.
Al-Kalbani, Ahmed; Deng, Hepu; Kam, Booi; and Zhang, Julia, "Investigating the Impact of Institutional Pressures on Information Security Compliance in Organizations" (2016). ACIS 2016 Proceedings. 26.