{"title":"Voluntary and instrumental information security policy compliance: an integrated view of prosocial motivation, self-regulation and deterrence","authors":"Yan Chen , Weidong Xia , Karlene Cousins","doi":"10.1016/j.cose.2021.102568","DOIUrl":null,"url":null,"abstract":"<div><p>Understanding employees’ motivations and behaviors toward compliance with information security policies (ISPs) remains a theoretical and practical challenge. Although previous information security researchers have investigated different motivational factors related to ISP compliance, most have not recognized different forms of ISP compliance behaviors characterized by their levels of willingness and persistence, nor have they noted the importance of adopting an other-oriented lens to examine such behaviors. In this paper, we propose and test an integrated model that investigates how various motivational factors affect different ISP compliance behaviors. Specifically, the model anchors on the prosocial motivational perspective in addition to the instrumental and self-regulatory motivational perspectives and investigates two types of compliance behaviors (voluntary ISP compliance and instrumental ISP compliance). We tested our model using survey data collected from 407 employee respondents. Our results show that the three sets of motivational factors have different effects on the two types of ISP compliance behaviors. Prosocial motivation and self-regulatory motivation positively affect voluntary ISP compliance behavior. Deterrence as an instrumental control leads to instrumental ISP compliance behavior but undermines voluntary ISP compliance behavior. Our study highlights that, to foster employees’ voluntary ISP compliance, organizations need to take a more holistic approach by integrating the prosocial approach with the instrumental and self-regulatory approaches in managing voluntary compliance behaviors, while being mindful of the negative effects of instrumental controls (e.g., deterrence) on such behaviors.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"113 ","pages":"Article 102568"},"PeriodicalIF":4.8000,"publicationDate":"2022-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404821003928","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 8
Abstract
Understanding employees’ motivations and behaviors toward compliance with information security policies (ISPs) remains a theoretical and practical challenge. Although previous information security researchers have investigated different motivational factors related to ISP compliance, most have not recognized different forms of ISP compliance behaviors characterized by their levels of willingness and persistence, nor have they noted the importance of adopting an other-oriented lens to examine such behaviors. In this paper, we propose and test an integrated model that investigates how various motivational factors affect different ISP compliance behaviors. Specifically, the model anchors on the prosocial motivational perspective in addition to the instrumental and self-regulatory motivational perspectives and investigates two types of compliance behaviors (voluntary ISP compliance and instrumental ISP compliance). We tested our model using survey data collected from 407 employee respondents. Our results show that the three sets of motivational factors have different effects on the two types of ISP compliance behaviors. Prosocial motivation and self-regulatory motivation positively affect voluntary ISP compliance behavior. Deterrence as an instrumental control leads to instrumental ISP compliance behavior but undermines voluntary ISP compliance behavior. Our study highlights that, to foster employees’ voluntary ISP compliance, organizations need to take a more holistic approach by integrating the prosocial approach with the instrumental and self-regulatory approaches in managing voluntary compliance behaviors, while being mindful of the negative effects of instrumental controls (e.g., deterrence) on such behaviors.
期刊介绍:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.