Paper Number
ECIS2026-1844
Paper Type
CRP
Abstract
Extra-role security behaviors (ERSBs) have become valuable assets to organizations, as these voluntary actions promote security resilience and improve an organization’s security posture. However, the drivers of such behaviors and hence the multidimensionality of security proactivity remains underexplored. Drawing on role identity theory, we delineate a theoretical framework that demonstrates how security role identities are formed and in turn translate into ERSBs. Our findings obtained from 40 interviews highlight two key contributions: (1) individual and organizational factors shape security identity formation, and (2) proactive security role identities (i.e. security ownership and security champion) inform distinct ERSBs (promotive vs prohibitive). By examining security role identity, this study offers novel understandings as to why employees engage in ERSBs and how a multitude of contextual variables shape one’s security role identity to inform such proactivity. These insights provide theoretical and practical recommendations to strengthen an organization’s security environment and promote employees’ security proactivity.
Recommended Citation
Tharwat, Ayah; Asyali, Ayse Nur; Frank, Muriel-Larissa; Jaeger, Lennart; and Pocher, Nadia, "The ‘I’ In Security: How Security Role Identity Shapes Extra-Role Security Behaviors" (2026). ECIS 2026 Proceedings. 14.
https://aisel.aisnet.org/ecis2026/gen_track/gen_track/14
The ‘I’ In Security: How Security Role Identity Shapes Extra-Role Security Behaviors
Extra-role security behaviors (ERSBs) have become valuable assets to organizations, as these voluntary actions promote security resilience and improve an organization’s security posture. However, the drivers of such behaviors and hence the multidimensionality of security proactivity remains underexplored. Drawing on role identity theory, we delineate a theoretical framework that demonstrates how security role identities are formed and in turn translate into ERSBs. Our findings obtained from 40 interviews highlight two key contributions: (1) individual and organizational factors shape security identity formation, and (2) proactive security role identities (i.e. security ownership and security champion) inform distinct ERSBs (promotive vs prohibitive). By examining security role identity, this study offers novel understandings as to why employees engage in ERSBs and how a multitude of contextual variables shape one’s security role identity to inform such proactivity. These insights provide theoretical and practical recommendations to strengthen an organization’s security environment and promote employees’ security proactivity.