Peers matter: The moderating role of social influence on information security policy compliance

Information security in an organization largely depends on employee compliance with information security policy (ISP). Previous studies have mainly explored the effects of command‐and‐control and self‐regulatory approaches on employee ISP compliance. However, how social influence at both individual and organizational levels impacts the effectiveness of these two approaches has not been adequately explored. This study proposes a social contingency model in which a rules‐oriented ethical climate (employee perception of a rules‐adherence environment) at the organizational level and susceptibility to interpersonal influence (employees observing common practices via peer interactions) at the individual level interact with both command‐and‐control and self‐regulatory approaches to affect ISP compliance. Using employee survey data, we found that these two social influence factors weaken the effects of both command‐and‐control and self‐regulatory approaches on ISP compliance. Theoretical and practical implications are also discussed.     

The impact of leadership on employees' intended information security behaviour: An examination of the full‐range leadership theory

Explaining the influence of management leadership on employees' information security behaviour is an important focus in information systems research and for companies and organizations. Unfortunately, the role of leadership has remained largely unexplored in the information security context. Our study addresses this gap in literature: how the dimensions of full‐range leadership influence employees' intended information security behaviour. Consequently, our study takes an interactional psychology perspective and links the dimensions of the full‐range model of leadership to employees' security compliance intention and security participation intention. We tested our multitheoretical model using Smart PLS 3.2.7 on a proprietary data set of 322 professionals in more than 14 branches throughout different regions worldwide. Our study contributes to the literature on information security, management, and leadership by exploring how and why different leadership styles enhance employees' intended information security behaviour. Our empirical findings emphasize the importance of transformational leaders because they are capable of directly influencing employees on the extra‐role and in‐role behaviour levels. Our results indicate new directions for information security and leadership research and implications for leadership practices.     

An information security knowledge sharing model in organizations

Knowledge sharing plays an important role in the domain of information security, due to its positive effect on employees' information security awareness. It is acknowledged that security awareness is the most important factor that mitigates the risk of information security breaches in organizations. In this research, a model has been presented that shows how information security knowledge sharing (ISKS) forms and decreases the risk of information security incidents. The Motivation Theory and Theory of Planned Behavior besides Triandis model were applied as the theoretical backbone of the conceptual framework. The results of the data analysis showed that earning a reputation, and gaining promotion as an extrinsic motivation and curiosity satisfaction as an intrinsic motivation have positive effects on employees' attitude toward ISKS. However, self-worth satisfaction does not influence ISKS attitude. In addition, the findings revealed that attitude, perceived behavioral control, and subjective norms have positive effects on ISKS intention and ISKS intention affects ISKS behavior. The outcomes also showed that organizational support influences ISKS behavior more than trust. The results of this research should be of interest to academics and practitioners in the domain of information security.     

Information security policy noncompliance: An integrative social influence model

Despite the significant advancements made in understanding the factors that drive employees' compliance and noncompliance behaviours with information security policy (ISP), less is known about how different factors interact to impact such behaviours. Having been drawn on the social information processing theory, this research develops an integrative model that investigates how ethical work climate, beliefs, and neutralization interact to jointly explain ISP noncompliance. The model is tested via a survey of a broad cross section of employees. Neutralization, perceived cost of compliance, and perceived cost of noncompliance are found to significantly impact ISP noncompliance. Egoistic, benevolent, and principled climates are found to differentially influence neutralization and individuals' cognitive beliefs about the cost and benefit of ISP compliance versus noncompliance. Neutralization appears to be a more important moderator of the belief‐noncompliance relationship than the principled climate.     

Self-control,organizational context,and rational choice in Internet abuses at work

Cyber criminals use the Internet as a major platform to launch malware and social engineering attacks. Employees’ violation of Internet use policy (IUP) elevates a firm’s security risks from cyber-attacks. In the literature, such deviant behavior is generally considered to be the result of a cost-benefit calculus. However, this study shows that dispositional factors such as self-control and procedural justice moderate the cost-benefit calculus. We conclude that self-control and procedural justice need to be integrated with the Rational Choice Theory to better explain Internet abuses at work.     

Guiding employees through the COVID-19 pandemic: An exploration of the impact of transparent communication and change appraisals

Against the backdrop of the COVID-19 pandemic and drawing on literature from change management, internal communication and cognitive appraisal theory, this study provided accounts of how transparent communication during organizational change affects employees' cognitive appraisals of the change, behavioural reactions to the change, and subsequently, turnover intentions. Our findings of 414 full-time US employees revealed that transparent internal communication is positively related to employees' challenge appraisal of the change, which, in turn, is related to change compliance and championing. In addition, transparent communication is negatively associated with threat appraisal of the change, which in turn is connected to lower change compliance. Further, employees' turnover intention was negatively associated with their compliance and championing for the change. This study has made several contributions to internal communication scholarship, appraisal theory and change management literature. We also offer several suggestions to improve communication during organizational change periods.     

The effect of work ethic on employees' individual innovation behavior

The present study examines the previously untested effect of work ethic on individual innovation behavior. These entrenched personal values that may remain unaffected by organizational constitution are suggested to shape a person's inclination to engage in innovative action. Deploying partial least squares (PLS) structural equation modeling (SEM), we show that being self‐reliant and time‐efficient positively influences employees' innovation behavior, while an attitude toward hard work and leisure has a negative impact. Moreover, self‐reliance, leisure orientation, and centrality of work are positively moderated by fair salary, a specific form of relational reward that previously has been identified as an antecedent of motivation. The work at hand thus contributes to extant research by enhancing knowledge about the antecedents of innovative behavior, showing that inherent work‐related values matter. As such, the study demonstrates the importance of considering the linkage of personal differences and motivational factors when examining the complex processes of individual innovation behavior.     

The influence of the informal social learning environment on information privacy policy compliance efficacy and intention

Throughout the world, sensitive personal information is now protected by regulatory requirements that have translated into significant new compliance oversight responsibilities for IT managers who have a legal mandate to ensure that individual employees are adequately prepared and motivated to observe policies and procedures designed to ensure compliance. This research project investigates the antecedents of information privacy policy compliance efficacy by individuals. Using Health Insurance Portability and Accountability Act compliance within the healthcare industry as a practical proxy for general organizational privacy policy compliance, the results of this survey of 234 healthcare professionals indicate that certain social conditions within the organizational setting (referred to as external cues and comprising situational support, verbal persuasion, and vicarious experience) contribute to an informal learning process. This process is distinct from the formal compliance training procedures and is shown to influence employee perceptions of efficacy to engage in compliance activities, which contributes to behavioural intention to comply with information privacy policies. Implications for managers and researchers are discussed.     

Resilient employees are creative employees,when the workplace forces them to be

With a basis in conservation of resources theory, this article considers the connection between employees' resilience and disruptive creative behaviour—conceptualized herein as the extent to which they generate radically new ideas for organizational improvement—as well as how this connection might be invigorated by resource‐draining work conditions that stem from excessive workloads and unfavourable decision‐making processes. Data collected through a survey administered to employees in an organization that operates in the distribution sector reveal that employees' resilience levels spur their disruptive creative behaviour, and this process is more prominent among employees who believe they have insufficient time to complete their work tasks (i.e., suffer from high work overload) and operate in organizational climates marked by high rigidity or dysfunctional politics. The findings accordingly inform organizational practitioners that the allocation of employees' personal resource bases to disruptive creative behaviours might be particularly useful among employees who face substantial adversity in their organizational functioning.     

Examining employee computer abuse intentions: insights from justice,deterrence and neutralization perspectives

Although employee computer abuse is a costly and significant problem for firms, the existing academic literature regarding this issue is limited. To address this gap, we apply a multi‐theoretical model to explain employees' intentions to abuse computers. To understand the motives for such behaviour, we investigate the role of two forms of organizational justice – distributive and procedural – both of which provide explanations of how perceptions of unfairness are created in the organizational context. By applying deterrence theory, we also examine the extent to which formal sanctions influence and moderate the intentions to abuse computers. Finally, we examine how the potential motives for abuse may be moderated by techniques of neutralization, which allow offenders to justify their actions and absolve themselves of any associated feelings of guilt and shame. Utilizing the scenario‐based factorial survey method for our experimental design, we empirically evaluated the association between these antecedents and the behavioural intention to violate Information systems (IS) security policies in an environment where the measurement of actual behaviour would be impossible. Our findings suggest that individual employees may form intentions to commit computer abuse if they perceive the presence of procedural injustice and that techniques of neutralization and certainty of sanctions moderate this influence. The implications of these findings for research and practice are presented. © 2016 John Wiley & Sons Ltd     

Cognitive‐affective drivers of employees' daily compliance with information security policies: A multilevel,longitudinal study

We present a model of employee compliance with information security policy (ISP) that (1) explicates stable, cognitive beliefs regarding the consequences of compliance and noncompliance as well as state‐based affective constructs, namely, positive and negative mood states and episodic, security‐related work‐impediment events, and (2) provides an expanded conceptualisation of moral considerations and normative influences regarding employees' ISP compliance. Because affect is central to this theorisation, we ensure that the model captures and explains differences in day‐to‐day affective constructs to account for the often fleeting nature of affective states. We test our multilevel model using an experience‐sampling methodology design, in which employees completed daily surveys over a 2‐week period, followed by a hierarchal linear modelling statistical assessment. Our contribution to theory is a unique account of ISP compliance that integrates affective factors with constructs from rational choice theory and theory of planned behaviour and that diverges from prior conceptualisations of ISP compliance as a purely stable and reason‐based phenomenon. For practitioners, our results suggest that a combination of cognitive and affective influences may produce discrete episodes of ISP compliance that do not coincide with prior behavioural trends.     

Organizational Antecedents of Creative Self‐Efficacy

A number of studies have documented a relationship between creative self‐efficacy and creative performance. The main aim of the present study was to investigate organizational factors that may influence such creative self‐efficacy. The examined variables included employees' task type and task autonomy, the quality of relationship between supervisors and subordinates (leader–member exchange [LMX]), as well as perceived levels of collegial support for creativity. The sample included 240 employees in a manufacturing company. The hypotheses were tested using partial least squares analysis. Results showed significant and positive relationships between the study variables and creative self‐efficacy, supporting the hypotheses. Furthermore, the combinations of task autonomy and high‐quality LMX, as well as task autonomy and collegial support for creativity, were positively associated with creative self‐efficacy. The results of this study may give guidance to leaders and consultants who want to enhance the creativity levels of employees through organizational development efforts.     

Critical Times for Organizations: What Should Be Done to Curb Workers’ Noncompliance With IS Security Policy Guidelines?

This study was designed to examine the impacts of employees’ cost–benefit analysis, deterrence considerations, and top management support and beliefs on information systems security policy compliance. Surveys of Canadian professionals’ perceptions were carried out. A research model was proposed and tested. The results confirmed that top management support and beliefs, sanction severity, and cost–benefit analysis significantly influenced employees’ information systems security policy compliance. The implications of the study findings are discussed, and conclusions are drawn.     

Do Intelligent Leaders Make a Difference? The Effect of a Leader's Emotional Intelligence on Followers' Creativity

This research investigates the connection between emotional intelligence (EI) and creativity. This was studied by exploring: (i) an association between leaders' EI and their followers' creative output; (ii) an association between six sub‐dimensions of EI and creativity; and (iii) a mediating role of climate in the link between EI and creativity. Two questionnaires (one for leaders and one for employees) were used to collect data in a hospital. Sixty‐six usable leader‐employee dyads were collected. The findings confirmed a positive relationship between leaders' EI and employees' creativity. At an EI's sub‐dimensions level, the current research showed an association between creativity, on one hand, and self‐encouragement and understanding of own emotions, on the other. Finally, no mediating effect of climate was observed. The absence of a mediating effect is interesting, since it suggests a direct link between leaders' EI and employees' creativity, regardless of the climate. This is important, since it calls attention to the paramount role of leaders in shaping individual and organizational behaviours as far as creativity is concerned. The paper also discusses implications for management and practice.     

Factors That Influence Employees’ Security Policy Compliance: An Awareness-Motivation-Capability Perspective

Information security policy (ISP) plays an important role in information security management in organizations. Past research investigated various factors that may impact employee behavior toward security policy compliance from the perspective of general deterrence theory (GDT), protection and motivation Theory (PMT), and rational choice theory (RCT). However, there is no unifying foundation/framework that examines all of those factors in a harmonic way so that the research findings can guide information security practices and research into the employee ISP compliance management context. Additionally, prior findings provided mixed results. This study proposes a research model based on the awareness-motivation-capability (AMC) framework, aiming to unify the factors to predict employee ISP compliance intention. We believe that a harmonic approach in managing employee ISP compliance can create optimal outcomes.     

Risky Social Networking Practices Among “Underage” Users: Lessons for Evidence‐Based Policy

European self‐regulation to ensure children's safety on social networking sites requires that providers ensure children are old enough to use the sites, aware of safety messages, empowered by privacy settings, discouraged from disclosing personal information, and supported by easy to use reporting mechanisms. This article assesses the regulatory framework with findings from a survey of over 25000 9‐ to 16‐year‐olds from 25 European countries. These reveal many underage children users, and many who lack the digital skills to use social networking sites safely. Despite concerns that children defy parental mediation, many comply with parental rules regarding social networking. The implications of the findings are related to policy decisions on lower age limits and self‐regulation of social networking sites.     

Managers’ and Employees’ Differing Responses to Security Approaches

ABSTRACT

Modern organizations face significant information security threats, to which they respond with various managerial techniques. It is widely believed that “one size does not fit all” for achieving employee information security policy compliance; nevertheless, it is yet to be determined which techniques work best to different organizational employees. We further this research stream by finding that different levels of users might be effectively motivated by different types of coercive and empowering techniques that are suitable to their level and position in the organizational chart. Our results suggest that participation in the ISP decision-making process might prove to be a more effective approach to motivate lower-level employees toward compliance and that enhancing the meaningfulness of policy compliance could be the preferred method among higher levels of management. Members within each level of the organization can be effectively influenced to comply with ISPs when such strategies are customized for their level.     

Exploring HRM Meta‐Features that Foster Employees' Innovative Work Behaviour in Times of Increasing Work–Life Conflict

Today, employees' innovative work behaviour (IWB) is critical for companies' success. However, employees increasingly experience work–life conflict (WLC) which negatively influences performance at work. Human resource management (HRM) has the potential to foster employees' engagement in innovative activities and to reduce tensions between work and private life simultaneously. Our paper aims to advance understanding under which conditions these relations occur by exploring HRM meta‐features. These are defined as overall characteristics of an HR system helping companies to communicate the content of HR practices in a way that leads to desired interpretations by employees. Using a qualitative, interview study approach, we find that HRM contributes to IWB and diminishes feelings of WLC mainly through the four meta‐features ‘individual orientation’, ‘discretion orientation’, ‘effort orientation’ and ‘expectancy orientation’. We link our findings to extant literature and provide suggestions for managers how these meta‐features can be put into organizational practice.     

The effect of ethical leadership on employee social innovation tendency in social enterprises: Mediating role of perceived social capital

Although social innovation has gained prominence in policy, academic, and practitioner debates, there remains a lack of understanding of how leader aspects such as behavior and ethics contribute to fostering social innovation among employees in the social enterprise, owing primarily to a dearth of empirical research on this subject. The goal of this study is to empirically examine the effect of ethical leadership on the social innovation tendency among employees in social enterprises; also, employees' perceived social capital is hypothesized as a mediator through which the ethical leader is likely to influence their social innovation tendency. Using data collected from 189 employees associated with a variety of social enterprises, the results of structural equation modeling indicate that ethical leadership has both a direct and indirect effect on the social innovation tendency among employees, where the indirect effect of ethical leadership involves influencing the employees' perceived social capital, which subsequently influences their tendency for social innovation. Accordingly, the study offers key implications for social enterprise leaders aspiring to boost innovation in their endeavors aimed at achieving the enterprise's objective of creating positive social impact.