Loading...

Media is loading
 

Paper Type

ERF

Abstract

Organizational Information Security (ISec) faces risks from human factors, particularly employees' noncompliance with Information Security Policies (ISPs), despite substantial investments in security technologies. This study explores Security Communication Fatigue (SCF) resulting from excessive communication of security policies and related information. Drawing from Protection Motivation Theory (PMT), we investigate how SCF leads to ISPs noncompliance. SCF, distinct from security fatigue, is often overlooked in security literature. We propose a PMT-based model where SCF diminishes threat and coping perceptions, mediating noncompliance. This research will contribute to the literature by highlighting SCF's role and as such enhancing our understanding of ISP noncompliance factors. The findings will offer valuable insights for organizations aiming to bolster their information security practices amidst evolving cyber threats. The practical implications will be related to how organizations can tailor their communication strategies to mitigate SCF, enhance ISP compliance, and fortify ISec against human-related vulnerabilities.

Paper Number

1568

Author Connect URL

https://authorconnect.aisnet.org/conferences/AMCIS2024/papers/1568

Comments

SIGSEC

Author Connect Link

Share

COinS
Top 25 Paper Badge
 
Aug 16th, 12:00 AM

Navigating Information Security Communication Fatigue: Understanding Its Impact on Employee Policy Noncompliance

Organizational Information Security (ISec) faces risks from human factors, particularly employees' noncompliance with Information Security Policies (ISPs), despite substantial investments in security technologies. This study explores Security Communication Fatigue (SCF) resulting from excessive communication of security policies and related information. Drawing from Protection Motivation Theory (PMT), we investigate how SCF leads to ISPs noncompliance. SCF, distinct from security fatigue, is often overlooked in security literature. We propose a PMT-based model where SCF diminishes threat and coping perceptions, mediating noncompliance. This research will contribute to the literature by highlighting SCF's role and as such enhancing our understanding of ISP noncompliance factors. The findings will offer valuable insights for organizations aiming to bolster their information security practices amidst evolving cyber threats. The practical implications will be related to how organizations can tailor their communication strategies to mitigate SCF, enhance ISP compliance, and fortify ISec against human-related vulnerabilities.

When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.