Loading...

Media is loading
 

Paper Type

ERF

Abstract

With an upward trend of data breaches and their financial damages, organizations continue to increase investment in employees’ security awareness. Yet, 86% of breaches involve employees. This research uncovers the impact of data breaches on employees’ perceived legitimacy of information security governance and then their information security policy compliance behaviors. Drawing on the theory of the legitimacy process, we developed a mediation model of employees’ noncompliance behaviors post-breach. We plan to conduct a survey and test whether the perceived severity of data breaches decreases employees’ legitimacy perceptions of information security governance and ultimately leads to information security policy non-compliance post-breach.

Paper Number

1606

Author Connect URL

https://authorconnect.aisnet.org/conferences/AMCIS2024/papers/1606

Comments

SIGSEC

Download
Author Connect Link

Share

COinS
Top 25 Paper Badge
 
Aug 16th, 12:00 AM

Employees’ Post–Breach Information Security Policy Non-Compliance: An Organizational Legitimacy Perspective

With an upward trend of data breaches and their financial damages, organizations continue to increase investment in employees’ security awareness. Yet, 86% of breaches involve employees. This research uncovers the impact of data breaches on employees’ perceived legitimacy of information security governance and then their information security policy compliance behaviors. Drawing on the theory of the legitimacy process, we developed a mediation model of employees’ noncompliance behaviors post-breach. We plan to conduct a survey and test whether the perceived severity of data breaches decreases employees’ legitimacy perceptions of information security governance and ultimately leads to information security policy non-compliance post-breach.

When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.