Location
260-005, Owen G. Glenn Building
Start Date
12-15-2014
Description
Information systems security (ISS) is an increasingly critical issue for companies worldwide. One major reason for information security incidents remains human error. Thus, understanding how employees’ ISS-related behavior can be influenced is a top priority (Siponen and Vance 2010). In this regard, numerous recent studies have examined the effect of deterrence mechanisms. However, the role of endogenous motivations has been largely neglected, although studies in adjacent fields have shown the effectiveness of motivational intervention strategies. We seek to close this gap by examining how endogenous motivations influence employees intention to comply with organizational ISS guidelines. Our model integrates the theory of planned behavior and the organismic integration theory. It is tested using a sample of 444 employees. The results show that when employees’ personal values and principles are congruent with ISS-related prescriptions compliance intention significantly increases. However, we find no impact on intention when employees perceive their actions as coerced.
Recommended Citation
Kranz, Johann and Haeussinger, Felix, "Why Deterrence is not enough: The Role of Endogenous Motivations on Employees’ Information Security Behavior" (2014). ICIS 2014 Proceedings. 24.
https://aisel.aisnet.org/icis2014/proceedings/ISSecurity/24
Why Deterrence is not enough: The Role of Endogenous Motivations on Employees’ Information Security Behavior
260-005, Owen G. Glenn Building
Information systems security (ISS) is an increasingly critical issue for companies worldwide. One major reason for information security incidents remains human error. Thus, understanding how employees’ ISS-related behavior can be influenced is a top priority (Siponen and Vance 2010). In this regard, numerous recent studies have examined the effect of deterrence mechanisms. However, the role of endogenous motivations has been largely neglected, although studies in adjacent fields have shown the effectiveness of motivational intervention strategies. We seek to close this gap by examining how endogenous motivations influence employees intention to comply with organizational ISS guidelines. Our model integrates the theory of planned behavior and the organismic integration theory. It is tested using a sample of 444 employees. The results show that when employees’ personal values and principles are congruent with ISS-related prescriptions compliance intention significantly increases. However, we find no impact on intention when employees perceive their actions as coerced.