Information security is a multi-level phenomenon with employee security decisions being influenced by macro-level factors (e.g., organizational policies), meso-level factors (e.g., one’s immediate workgroup (IW)), and micro-level factors (e.g., individual personalities). We argue that an employee’s local IW (i.e., immediate supervisor and coworkers) has a strong effect on security. This paper focuses on the effects of these meso-level factors in the presence of macro- and micro-level factors. Drawing on the social structure and social learning framework as well as workgroup research, we hypothesize that the security behavior of an employee’s IW supervisor and coworkers moderated by the nature of these relationships influences information security decisions. Our research, based on a sample of 217 full-time employees, reveals that the IW significantly affects security decisions, over and above the micro- and macro-level factors. These effects are moderated by the nature of the relationship between the employee and his/her IW supervisor (leader-member exchange) and coworkers (team-member exchange). A post-hoc analysis shows that the meso-level factors alone had the same explanatory power as the micro- and macro-levels combined. Our research suggests that future theory and research should include the IW and that organizations should share security responsibilities with line managers and help them understand their substantial impact on information security. Security training programs should ask employees about the behaviors of their IW supervisor and coworkers, and, where needed, deliver anti-neutralization training to mitigate the effects of the IW’s non-compliance behaviors.
Wang, Dawei; Durcikova, Alexandra; and Dennis, Alan, "Security is Local: The Influence of Immediate Workgroup on Information Security" (2023). JAIS Preprints (Forthcoming). 87.
Available at: https://aisel.aisnet.org/jais_preprints/87