Search results
1 – 10 of 118Botong Xue, Feng Xu, Xin Luo and Merrill Warkentin
A growing number of studies have investigated the effect of ethical leadership on behavioral outcome of employees. However, considering the important role of ethics in IS…
Abstract
Purpose
A growing number of studies have investigated the effect of ethical leadership on behavioral outcome of employees. However, considering the important role of ethics in IS security, the security literature lacks a theoretical and empirical investigation of the relationship between ethical leadership and employees' security behavior, such as information security policy (ISP) violation. Drawing on social learning and social exchange theories, this paper empirically tests the impact of ethical leadership on employees' ISP violation intention through both information security climate (i.e. from a moral manager's perspective) and affective commitment (i.e. from a moral person's perspective).
Design/methodology/approach
The research was developed based on social learning theory and social exchange theory. To measure the variables in the model, the authors used and adapted measurement items from previous studies. The authors conducted a scenario-based survey with 339 valid responses to test and validate the research model.
Findings
Results indicated that information security climate fully mediates the relationship between ethical leadership and ISP violation intention. The authors also found that information security climate enhances the negative effect of affective commitment on ISP violation intention.
Originality/value
This research contributes to the literature of information security by introducing the role of ethical leadership and integrating two theories into our research model. This study also calls attention to how information security climate and affective commitment mediate the relationship between ethical leadership and employees' ISP violation intention. The theory-driven study provides important pragmatic guidance for enhancing the understanding of the importance of ethical leadership in information systems security research.
Details
Keywords
Hao Chen, Patrick Y.K. Chau and Wenli Li
The purpose of this paper is to develop a model that integrates moral disengagement (MD) and organizational ethical climate (OEC) to understand information security policy (ISP…
Abstract
Purpose
The purpose of this paper is to develop a model that integrates moral disengagement (MD) and organizational ethical climate (OEC) to understand information security policy (ISP) violation behavior in the workplace. This study extends prior work by identifying the moderating mechanisms of the ethical culture of OECs in the relationship between employees’ MD and ISP violation behavior intention.
Design/methodology/approach
By using scenario-based survey data from 433 employees in Chinese enterprises and by applying PLS-based structural equation modeling, the authors test a series of hypotheses.
Findings
Our empirical results highlight that the concept of MD has a significant effect on employees’ intention to violate ISPs. The authors also find that the OEC has a moderating role in the relationship between MD and ISP violation intention: the moderating role of law-and-rule-oriented OEC is significantly negative, but instrumentalism-oriented OEC positively moderates this relationship.
Originality/value
This study contributes to the literature on information security behavior by integrating two ethical theory frameworks MD and OECs into one theoretical model, and it calls attention to how ethical factors at the individual cognition level and organizational climate level work together to influence personal information security behavior. This study provides a new perspective of OEC from which to understand policy violation caused by moral self-regulation failure, and empirically explores its moderating role.
Details
Keywords
Forough Nasirpouri Shadbad and David Biros
This study focuses on unintended negative consequences of IT, called technostress. Given that employees are recognized as a major information security threat, it makes sense to…
Abstract
Purpose
This study focuses on unintended negative consequences of IT, called technostress. Given that employees are recognized as a major information security threat, it makes sense to investigate how technostress resulting from employees' constant interaction with IT influences the likelihood of security incidents. Although past research studied the concept of security-related technostress, the effect of IT use itself on employees’ extra-role activities such as security-related behaviors is unanswered. Thus, this paper aims to provide an understanding of the negative impact of technostress on employee information security policy (ISP) compliance.
Design/methodology/approach
Drawing on technostress literature, this research develops a research model that investigates the effect of technostress on employee intention to violate ISPs. It also extends the dimensionality of technostress construct by adding a new dimension called “techno-unreliability” that shows promising results. The authors use online survey data from a sample of 356 employees who have technology-based professions. We apply the structural equation modeling technique to evaluate the proposed research model.
Findings
Findings showed that IT use imposes high-level perceptions of a set of technostress creators, which makes users rationalize their ISP violations and engage in non-compliant behaviors. Further analysis of each dimension of technostress showed that techno-complexity, techno-invasion and techno-insecurity account for higher ISP non-compliant behaviors.
Originality/value
This study provides a new understanding of technostress to the context of information security and emphasizes on its negative impact on employee ISP compliance behaviors.
Details
Keywords
Forough Nasirpouri Shadbad and David Biros
Since the emergence of the Internet in the twentieth century and the rapid growth of different types of information technologies (IT), our lives, either personal or professional…
Abstract
Since the emergence of the Internet in the twentieth century and the rapid growth of different types of information technologies (IT), our lives, either personal or professional, have become digitised. Adoption and diffusion of IT enhance individuals and organisational performance, yet scholars discovered a dual nature of IT in which IT usage may have negative aspects too. First, the inability to cope with IT in a healthy manner creates stress in users, termed technostress. Second, digitisation and adoption of new technologies (e.g. IoT and multi-cloud environments) have increased vulnerabilities to information security (InfoSec) threats. Although organisations utilise counteraction strategies (e.g., security systems, security policies), end-users remain the top source of security incidents. Existing behavioural research has approached technostress and InfoSec independently. However, it is not clear how technology-stressors influence employees’ security-related behaviours. This chapter reviews the interaction effect of these concepts in detail by proposing a conceptual model that explains that technostress is the main reason for employees’ non-compliance with security policies in which users with high-level perceptions of technostress are more likely to violate InfoSec policies. Counteraction strategies to mitigate technostress and security threats are also discussed.
Details
Keywords
Ying Li, Ting Pan and Nan (Andy) Zhang
This paper is to investigate how employees respond to information security policies (ISPs) when they view the policies as a challenge rather than a hindrance to work…
Abstract
Purpose
This paper is to investigate how employees respond to information security policies (ISPs) when they view the policies as a challenge rather than a hindrance to work. Specifically, the authors examine the roles of challenge security demands (i.e. continuity and mandatory) and psychological resources (i.e. personal and job resources) in influencing employees’ ISP non-compliance.
Design/methodology/approach
Applying a hypothetical scenario-based survey method, the authors tested our proposed model in six typical ISPs violation scenarios. In sum, 347 responses were collected from a global company. The data were analyzed using partial least square-based structural equation model.
Findings
Findings indicated that continuity and mandatory demands increased employees’ level of perseverance of effort, which, in turn, decreased their ISPs non-compliance intention. In addition, job resources, such as the trust enhancement gained from co-workers and the opportunities for professional development, enhanced the perseverance of effort.
Practical implications
The findings offer implications to practice by suggesting that organizations should design training programs to persuade employees to understand the ISPs in a positive way. Meanwhile, organizations should encourage employees to invest more personal resources by creating a trusting atmosphere and providing them opportunities to learn security knowledge and skills.
Originality/value
This study is among the few to empirically explore how employees respond and behave when they view the security policies as challenge stressors. The paper also provides a novel understanding of how psychological resources contribute to buffering ISP non-compliance.
Details
Keywords
Saurabh Kumar, Baidyanath Biswas, Manjot Singh Bhatia and Manoj Dora
The present study aims to identify and investigate the antecedents of enhanced level of cyber-security at the organisational level from both the technical and the human resource…
Abstract
Purpose
The present study aims to identify and investigate the antecedents of enhanced level of cyber-security at the organisational level from both the technical and the human resource perspective using human–organisation–technology (HOT) theory.
Design/methodology/approach
The study has been conducted on 151 professionals who have expertise in dealing with cyber-security in organisations in sectors such as retail, education, healthcare, etc. in India. The analysis of the data is carried out using partial least squares based structural equation modelling technique (PLS-SEM).
Findings
The results from the study suggest that “legal consequences” and “technical measures” adopted for securing cyber-security in organisations are the most important antecedents for enhanced cyber-security levels in the organisations. The other significant antecedents for enhanced cyber-security in organisations include “role of senior management” and “proactive information security”.
Research limitations/implications
This empirical study has significant implications for organisations as they can take pre-emptive measures by focussing on important antecedents and work towards enhancing the level of cyber-security.
Originality/value
The originality of this research is combining both technical and human resource perspective in identifying the determinants of enhanced level of cyber-security in the organisations.
Details
Keywords
Gaurav Bansal and Zhuoli Axelton
IT security compliance is critical to the organization’s success, and such compliance depends largely on IT leadership. Considering the prevalence of unconscious gender biases and…
Abstract
Purpose
IT security compliance is critical to the organization’s success, and such compliance depends largely on IT leadership. Considering the prevalence of unconscious gender biases and stereotyping at the workplace and growing female leadership in IT, the authors examine how the internalization of stereotype beliefs, in the form of the employee’s gender, impacts the relationships between leadership characteristics and IT security compliance intentions.
Design/methodology/approach
A controlled experiment using eight different vignettes manipulating Chief Information Officer (CIO) gender (male/female), Information Technology (IT) expertise (low/high) and leadership style (transactional/transformational) was designed in Qualtrics. Data were gathered from MTurk workers from all over the US.
Findings
The findings suggest that both CIOs' and employees' gender play an important role in how IT leadership characteristics – perceived expertise and leadership style – influence the employees' intentions and reactance to comply with CIO security recommendations.
Research limitations/implications
This study's findings enrich the security literature by examining the role of leadership styles on reactance and compliance intentions. They also provide important theoretical implications based on gender stereotype theory alone: First, the glass ceiling effects can be witnessed in how men and women employees demonstrate prejudice against women CIO leaders through their reliance on perceived quadratic CIO IT expertise in forming compliance intentions. Secondly, this study's findings related to gender role internalization show men and women have a prejudice against gender-incongruent roles wherein women employees are least resistive to transactional male CIOs, and men employees are less inclined to comply with transactional female CIOs confirm the findings related to gender internationalization from Hentschel et al. (2019).
Practical implications
This study highlights the significance of organizations and individuals actively promoting gender equality and fostering environments that recognize women's achievements. It also underscores the importance of educating men and women about the societal implications of stereotyping gender roles that go beyond the organizational setting. This research demonstrates that a continued effort is required to eradicate biases stemming from gender stereotypes and foster social inclusion. Such efforts can positively influence how upcoming IT leaders and employees internalize gender-related factors when shaping their identities.
Social implications
This study shows that more work needs to be done to eliminate gender stereotype biases and promote social inclusion to positively impact how future IT leaders and employees shape their identities through internalization.
Originality/value
This study redefines the concept of “sticky floors” to explain how subordinates can hinder and undermine female leaders, thereby contributing to the glass ceiling effect. In addition, the study elucidates how gender roles shape employees' responses to different leadership styles through gender stereotyping and internalization.
Details
Keywords
Alexandre Cappellozza, Gustavo Hermínio Salati Marcondes de Moraes, Gilberto Perez and Alessandra Lourenço Simões
This paper aims to investigate the influence of moral disengagement, perceived penalty, negative experiences and turnover intention on the intention to violate the established…
Abstract
Purpose
This paper aims to investigate the influence of moral disengagement, perceived penalty, negative experiences and turnover intention on the intention to violate the established security rules.
Design/methodology/approach
The method used involves two stages of analysis, using techniques of structural equation modeling and artificial intelligence with neural networks, based on information collected from 318 workers of organizational information systems.
Findings
The model provides a reasonable prediction regarding the intention to violate information security policies (ISP). The results revealed that the relationships of moral disengagement and perceived penalty significantly influence such an intention.
Research limitations/implications
This research presents a multi-analytical approach that expands the robustness of the results by the complementarity of each analysis technique. In addition, it offers scientific evidence of the factors that reinforce the cognitive processes that involve workers’ decision-making in security breaches.
Practical implications
The practical recommendation is to improve organizational communication to mitigate information security vulnerabilities in several ways, namely, training actions that simulate daily work routines; exposing the consequences of policy violations; disseminating internal newsletters with examples of inappropriate behavior.
Social implications
Results indicate that information security does not depend on the employees’ commitment to the organization; system vulnerabilities can be explored even by employees committed to the companies.
Originality/value
The study expands the knowledge about the individual factors that make information security in companies vulnerable, one of the few in the literature which aims to offer an in-depth perspective on which individual antecedent factors affect the violation of ISP.
Details
Keywords
Bowen Guan and Carol Hsu
The purpose of this paper is to investigate the association between abusive supervision and employees' information security policy (ISP) noncompliance intention, building on…
Abstract
Purpose
The purpose of this paper is to investigate the association between abusive supervision and employees' information security policy (ISP) noncompliance intention, building on affective commitment, normative commitment and continuance commitment. The study also examines the moderating effect of perceived certainty and severity of sanctions on the relationship between the three dimensions of organizational commitment and ISP noncompliance intention.
Design/methodology/approach
Survey methodology was used for data collection through a well-designed online questionnaire. Data was analyzed using the structural equation model with Amos v. 22.0 software.
Findings
This study demonstrates that abusive supervision has a significant, negative impact on affective, normative and continuance commitment, and the three dimensions of organizational commitment are negatively associated with employees' ISP noncompliance intention. Results also indicate that the moderating effect of perceived severity of sanctions is significant, and perceived certainty of sanctions plays a positive moderating role in the relationship between affective commitment and employees' ISP noncompliance intention.
Practical implications
Findings of this research are beneficial for organizational management in the relationships between supervisors and employees. These results provide significant evidence that avoiding abusive supervision is important in controlling employees' ISP noncompliance behavior.
Originality/value
This research fills an important gap in examining employees' ISP noncompliance intentions from the perspective of abusive supervision and the impact of affective, normative and continuance commitment on ISP noncompliance. The study is also of great value for information systems research to examine the moderating role of perceived certainty and severity of sanctions.
Details
Keywords
Qin Yuan, Jun Kong, Chun Liu and Yushi Jiang
While the phenomenon of technostress has received significant attention from researchers in recent years, empirical findings concerning the consequences of specific forms of…
Abstract
Purpose
While the phenomenon of technostress has received significant attention from researchers in recent years, empirical findings concerning the consequences of specific forms of techno-stressors have remained scattered and contradictory. The authors aim to integrate the conclusions of previous studies to understand the effects of specific techno-stressors on strain and job performance.
Design/methodology/approach
This study employs meta-analytic techniques to calibrate the findings of 67 studies investigating more than 63,100 employees.
Findings
In general, not all techno-stressors have adverse effects. In particular, techno-uncertainty does not impact job performance. In addition, relative weight analyses reveal the relative importance of techno-complexity and techno-insecurity as predictors of both strain and job performance. Finally, this study finds that the effects of specific techno-stressors on job performance vary depending on research participants' gender, educational attainment and employment status.
Originality/value
First, this study provides a more nuanced view of the effects of specific techno-stressors. Second, this research clarifies the relative importance of specific techno-stressors as predictors of strain and job performance. Finally, this study reveals the moderating effects of demographic variables on the relationships between specific techno-stressors and job performance.
Details