Motivating IS security compliance: Insights from Habit and Protection Motivation Theory

Authors:
Anthony Vance;Mikko Siponen;Seppo Pahnila
Affiliations:
Information Systems Department, Marriott School of Management, Brigham Young University, United States;IS Security Research Center, Department of Information Processing Science, University of Oulu, Linnanmaa, P.O. Box 3000, FIN-90014 Oulun yliopisto, Finland1;IS Security Research Center, Department of Information Processing Science, University of Oulu, Linnanmaa, P.O. Box 3000, FIN-90014 Oulun yliopisto, Finland1
Venue:
Information and Management
Year:
2012

Citing 12
Cited 2

Why there aren't more information security research studies

Information and Management
An integrative model of computer abuse based on social control and general deterrence theories

Information and Management
Employees' Behavior towards IS Security Policy Compliance

HICSS '07 Proceedings of the 40th Annual Hawaii International Conference on System Sciences
Security lapses and the omission of information security measures: A threat control model and empirical test

Computers in Human Behavior
Information security management standards: Problems and solutions

Information and Management
Interpretation of formative measurement in information systems research

MIS Quarterly
Neutralization: new insights into the problem of employee systems security policy violations

MIS Quarterly
Fear appeals and information security behaviors: an empirical study

MIS Quarterly
Improving employees' compliance through information systems security training: an action research study

MIS Quarterly
Out of fear or desire? Toward a better understanding of employees' motivation to follow IS security policies

Information and Management
Applying an extended model of deterrence across cultures: An investigation of information systems misuse in the U.S. and South Korea

Information and Management
Why break the habit of a lifetime? rethinking the roles of intention, habit, and emotion in continuing information technology use

MIS Quarterly

Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition

Information and Management
Internal control framework for a compliant ERP system

Information and Management

Quantified Score

Hi-index	0.00

Visualization

Abstract

Employees' failure to comply with IS security procedures is a key concern for organizations today. A number of socio-cognitive theories have been used to explain this. However, prior studies have not examined the influence of past and automatic behavior on employee decisions to comply. This is an important omission because past behavior has been assumed to strongly affect decision-making. To address this gap, we integrated habit (a routinized form of past behavior) with Protection Motivation Theory (PMT), to explain compliance. An empirical test showed that habitual IS security compliance strongly reinforced the cognitive processes theorized by PMT, as well as employee intention for future compliance. We also found that nearly all components of PMT significantly impacted employee intention to comply with IS security policies. Together, these results highlighted the importance of addressing employees' past and automatic behavior in order to improve compliance.