To read the full version of this content please select one of the options below:

Do employees in a “good” company comply better with information security policy? A corporate social responsibility perspective

Hyungjin Lukas Kim (Institute of Bigdata Convergency Business, Korea University, Seoul, South Korea)
Jinyoung Han (Chung-Ang University, Seoul, South Korea)

Information Technology & People

ISSN: 0959-3845

Article publication date: 11 October 2018

Issue publication date: 23 September 2019

Abstract

Purpose

The purpose of this paper is to investigate the impact of corporate social responsibility (CSR) on employees’ compliance behavior concerning information security policy (ISP). A research model includes CSR activities as an antecedent of ISP compliance and as a mediator of the relationship between ISP compliance intention and the perceived costs of compliance.

Design/methodology/approach

In total, 162 respondents were surveyed from organizations with more than 500 employees. This study used partial least squares (SmartPLS 3.0) to analyze and examine hypotheses.

Findings

The results show CSR’s influence as a mediator in the context of ISP compliance. In particular, moral CSR can affect employees’ ISP compliance intention positively and fully mediate the relationship between the costs of compliance and ISP compliance intention. Employees would like to comply with ISP when they recognize the benefits of ISP compliance and the costs of ISP noncompliance.

Originality/value

This study examines influential factors on ISP compliance considering cost-benefit factors from rational choice theory. Moreover, the study contributes to ISP compliance research by being the first attempt to consider CSR in an ISP compliance research context. The results provide insights on how to strategically implement CSR activities in terms of organizational information security.

Keywords

Citation

Kim, H.L. and Han, J. (2019), "Do employees in a “good” company comply better with information security policy? A corporate social responsibility perspective", Information Technology & People, Vol. 32 No. 4, pp. 858-875. https://doi.org/10.1108/ITP-09-2017-0298

Publisher

:

Emerald Publishing Limited

Copyright © 2018, Emerald Publishing Limited