Between Habit and Control–Opening the Black Box of ISP Compliance Under Stress

Authors

Theresa Pfaff
Florian Rampold
Gilbert Hoevel
Jana Driller

Abstract

The persistent challenge of ensuring employee adherence to information security policies (ISPs) has long been a central concern for organizations. While much research has focused on rational decision-making processes, the interplay between internal habitual behaviors and external organizational controls remains underexplored. This study delves into the comparative influence of habit—as an ingrained individual trait—and detection certainty—an organizational control mechanism—on ISP compliance. Using a survey-based online experiment, our study intends to expand our knowledge of compliance drivers and effects in stressful working environments. To the best of our knowledge, this study takes initiating effort in subjecting participants to real-time stress in an online vignette, where they are tasked with navigating compliance challenges within a limited time frame. We explore whether habitual behavior (an internal trait) or detection certainty (an external control) compete or complement each other when facing compliance challenges in stressful and non-stressful situations. With this we aim to contribute to the discussion on optimizing internal training and external controls to enhance ISP compliance in high-pressure environments.

Recommended Citation

Pfaff, Theresa; Rampold, Florian; Hoevel, Gilbert; and Driller, Jana, "Between Habit and Control–Opening the Black Box of ISP Compliance Under Stress" (2024). WISP 2024 Proceedings. 6.
https://aisel.aisnet.org/wisp2024/6