Litcius/Paper detail

Peers matter: The moderating role of social influence on information security policy compliance

Adel Yazdanmehr, Jingguo Wang, Zhiyong Yang

2020Information Systems Journal89 citationsDOI

Abstract

Abstract Information security in an organization largely depends on employee compliance with information security policy (ISP). Previous studies have mainly explored the effects of command‐and‐control and self‐regulatory approaches on employee ISP compliance. However, how social influence at both individual and organizational levels impacts the effectiveness of these two approaches has not been adequately explored. This study proposes a social contingency model in which a rules‐oriented ethical climate (employee perception of a rules‐adherence environment) at the organizational level and susceptibility to interpersonal influence (employees observing common practices via peer interactions) at the individual level interact with both command‐and‐control and self‐regulatory approaches to affect ISP compliance. Using employee survey data, we found that these two social influence factors weaken the effects of both command‐and‐control and self‐regulatory approaches on ISP compliance. Theoretical and practical implications are also discussed.

Topics & Concepts

Compliance (psychology)ContingencyControl (management)BusinessAffect (linguistics)PerceptionInterpersonal communicationContingency theoryInformation securitySecurity policyPublic relationsKnowledge managementPsychologySocial psychologyComputer securityPolitical scienceComputer scienceEconomicsManagementPhilosophyLinguisticsNeuroscienceCommunicationInformation and Cyber SecurityCybercrime and Law Enforcement StudiesStalking, Cyberstalking, and Harassment