We use Fairness Theory to help explain why sometimes security policy sometimes backfire and increase security violations. Explanation adequacy—a key component of Fairness Theory—is expected to increase employees’ trust in their organization. This trust should decrease internal computer abuse incidents following the implementation of security changes. The results of our analysis provide support for Fairness Theory as applied to our context of computer abuse. First, the simple act of giving employees advance notification for future information security changes positively influences employees’ perceptions of organizational communication efforts. The adequacy of these explanations is also buoyed by SETA programs. Second, explanation adequacy and SETA programs work in unison to foster organizational trust. Finally, organizational trust significantly decreases internal computer abuse incidents. Our findings show how organizational communication can influence the overall effectiveness of information security changes among employees and how organizations can avoid becoming victim to their own efforts.
Posey, Clay; Roberts, Tom L.; Lowry, Paul Benjamin; and Bennett, Becky, "How Explanation Adequacy of Security Policy Changes Decreases Organizational Computer Abuse" (2010). SIGHCI 2010 Proceedings. 14.