Information security policy noncompliance: An integrative social influence model

Academic Article


  • AbstractDespite the significant advancements made in understanding the factors that drive employees' compliance and noncompliance behaviours with information security policy (ISP), less is known about how different factors interact to impact such behaviours. Having been drawn on the social information processing theory, this research develops an integrative model that investigates how ethical work climate, beliefs, and neutralization interact to jointly explain ISP noncompliance. The model is tested via a survey of a broad cross section of employees. Neutralization, perceived cost of compliance, and perceived cost of noncompliance are found to significantly impact ISP noncompliance. Egoistic, benevolent, and principled climates are found to differentially influence neutralization and individuals' cognitive beliefs about the cost and benefit of ISP compliance versus noncompliance. Neutralization appears to be a more important moderator of the beliefÔÇÉnoncompliance relationship than the principled climate.
  • Authors


    Publication Date

  • March 2020
  • Has Subject Area


  • IS Security
  • ethical climate
  • information security management
  • security policy violation
  • Digital Object Identifier (doi)

    Start Page

  • 220
  • End Page

  • 269
  • Volume

  • 30
  • Issue

  • 2