Access the full text.
Sign up today, get DeepDyve free for 14 days.
Greta Polites, Elena Karahanna (2013)
The Embeddedness of Information Systems Habits in Organizational and Individual Level Routines: Development and DisruptionMIS Q., 37
R. East, W. Lomax, G. Willson, Patricia Harris (1994)
Decision Making and Habit in Shopping TimesEuropean Journal of Marketing, 28
V. Mitchell, Pari Boustani (1994)
A Preliminary Investigation into Pre‐ and Post‐Purchase Risk Perception and ReductionEuropean Journal of Marketing, 28
S. Petter, D. Straub, Arun Rai (2007)
Specifying Formative Constructs in Information Systems ResearchMIS Q., 31
Rodrigo Klein, E. Luciano (2016)
WHAT INFLUENCES INFORMATION SECURITY BEHAVIOR? A STUDY WITH BRAZILIAN USERSJistem Journal of Information Systems and Technology Management, 13
R. Paternoster, Greg Pogarsky (2009)
Rational Choice, Agency and Thoughtfully Reflective Decision Making: The Short and Long-Term Consequences of Making Good ChoicesJournal of Quantitative Criminology, 25
M. Anshel, Minsoo Kang (2007)
Effect of an intervention on replacing negative habits with positive routines for improving full engagement at work: A test of the disconnected values model.Consulting Psychology Journal: Practice and Research, 59
Anthony Vance, M. Siponen, Seppo Pahnila (2012)
Motivating IS security compliance: Insights from Habit and Protection Motivation TheoryInf. Manag., 49
(2019)
2019 Official annual crime report
J. D'Arcy, A. Hovav (2009)
Does One Size Fit All? Examining the Differential Effects of IS Security CountermeasuresJournal of Business Ethics, 89
Rima Khatib, H. Barki (2020)
Habits in organizational contexts: Information systems routines, cues, and rewardsCanadian Journal of Administrative Sciences-revue Canadienne Des Sciences De L Administration, 37
Wynne Chin, Barbara Marcolin, P. Newsted (2003)
A Partial Least Squares Latent Variable Modeling Approach for Measuring Interaction Effects: Results from a Monte Carlo Simulation Study and an Electronic - Mail Emotion/Adoption StudyInf. Syst. Res., 14
M. Siponen, Anthony Vance (2010)
Neutralization: New Insights into the Problem of Employee Systems Security Policy ViolationsMIS Q., 34
Rima El-Khatib, H. Barki (2020)
An activity theory approach to information security non-complianceInf. Comput. Secur., 28
Anthony Vance, M. Siponen, D. Straub (2020)
Effects of sanctions, moral beliefs, and neutralization on information security policy violations across culturesInf. Manag., 57
Burcu Bulgurcu, H. Cavusoglu, I. Benbasat (2010)
Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security AwarenessMIS Q., 34
B. McCarthy (2002)
NEW ECONOMICS OF SOCIOLOGICAL CRIMINOLOGYReview of Sociology, 28
V. Choudhury, Elena Karahanna (2008)
The Relative Advantage of Electronic Channels: A Multidimensional ViewMIS Q., 32
C. Mottaz (1985)
The Relative Importance of Intrinsic and Extrinsic Rewards as Determinants of Work SatisfactionSociological Quarterly, 26
Inho Hwang, Daejin Kim, Taeha Kim, Sanghyun Kim (2017)
Why not comply with information security? An empirical approach for the causes of non-complianceOnline Inf. Rev., 41
B. Verplanken, Suzanne Faes (1999)
Good intentions, bad habits, and effects of forming implementation intentions on healthy eatingEuropean Journal of Social Psychology, 29
Susan Linz, Anastasia Semykina (2010)
What Makes Workers Happy? Anticipated Rewards and Job SatisfactionLabor: Public Policy & Regulation eJournal
A. Piquero, M. Hickman (1999)
AN EMPIRICAL TEST OF TITTLE'S CONTROL BALANCE THEORY*Criminology, 37
Rogier Woltjer (2017)
Workarounds and trade-offs in information security - an exploratory studyInf. Comput. Secur., 25
Tejaswini Herath, H. Rao (2009)
Protection motivation and deterrence: a framework for security policy compliance in organisationsEuropean Journal of Information Systems, 18
T. Sommestad, J. Hallberg, K. Lundholm, J. Bengtsson (2014)
Variables influencing information security policy compliance: A systematic review of quantitative studiesInf. Manag. Comput. Secur., 22
Liisa Myyry, M. Siponen, Seppo Pahnila, Tero Vartiainen, Anthony Vance (2009)
What levels of moral reasoning and values explain adherence to information security rules? An empirical studyEuropean Journal of Information Systems, 18
Tilmann Betsch, S. Haberstroh, Cornelia Hohle (2002)
Explaining Routinized Decision MakingTheory & Psychology, 12
L. Treviño (1992)
Experimental Approaches to Studying Ethical-Unethical Behavior in OrganizationsBusiness Ethics Quarterly, 2
Allen Johnston, Merrill Warkentin (2010)
Fear Appeals and Information Security Behaviors: An Empirical StudyMIS Q., 34
(2019)
Cost of a data breach report
P. Podsakoff, Scott MacKenzie, Jeong-Yeon Lee, Nathan Podsakoff (2003)
Common method biases in behavioral research: a critical review of the literature and recommended remedies.The Journal of applied psychology, 88 5
(2019)
IBM: Cost of a Data Breach Report 2019Computer Fraud & Security
Michael O’Fallon, Kenneth Butterfield (2005)
A Review of The Empirical Ethical Decision-Making Literature: 1996–2003Journal of Business Ethics, 59
J. D'Arcy, A. Hovav, D. Galletta (2009)
User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence ApproachInf. Syst. Res., 20
To help reduce the increasing number of information security breaches that are caused by insiders, past research has examined employee non-compliance with information security policy. However, existent studies have observed mixed results, which suggest that an interaction is likely to exist among the variables that explain employee non-compliance. In an effort to provide evidence for this possibility, this paper aims to better explain why employees routinely engage in non-compliant behaviors by examining the direct and interactive effects of employees’ perceived costs and rewards of compliance and non-compliance on their routinized non-compliant behaviors.Design/methodology/approachBased on rational choice theory, this study used 16 hypothetical scenarios in an experimental survey, collecting data from 326 respondents and analyzing them via structural equation modeling and a four-way factorial experiment.FindingsThe results suggest that routinized non-compliance of employees is more strongly influenced by the rewards than the costs they perceive in their non-compliance. Further, employees’ routinized non-compliance behavior was found to be positively influenced by an interactive effect of perceived rewards of compliance when their perceptions of their non-compliance costs and rewards were both high and low.Originality/valueThis paper’s key contribution is to suggest that non-compliance behavior is influenced by direct and interactive effects of perceived rewards of compliance and non-compliance.
Information and Computer Security – Emerald Publishing
Published: Jan 31, 2022
Keywords: IS security; Non-Compliance; Rewards; Costs; Rational choice theory; Experimental survey; Hypothetical scenarios
Read and print from thousands of top scholarly journals.
Already have an account? Log in
Bookmark this article. You can see your Bookmarks on your DeepDyve Library.
To save an article, log in first, or sign up for a DeepDyve account if you don’t already have one.
Copy and paste the desired citation format or use the link below to download a file formatted for EndNote
Access the full text.
Sign up today, get DeepDyve free for 14 days.
All DeepDyve websites use cookies to improve your online experience. They were placed on your computer when you launched this website. You can change your cookie settings through your browser.