Abstract

PurposeA growing number of studies have investigated the effect of ethical leadership on behavioral outcome of employees. However, considering the important role of ethics in IS security, the security literature lacks a theoretical and empirical investigation of the relationship between ethical leadership and employees' security behavior, such as information security policy (ISP) violation. Drawing on social learning and social exchange theories, this paper empirically tests the impact of ethical leadership on employees' ISP violation intention through both information security climate (i.e. from a moral manager's perspective) and affective commitment (i.e. from a moral person's perspective).Design/methodology/approachThe research was developed based on social learning theory and social exchange theory. To measure the variables in the model, the authors used and adapted measurement items from previous studies. The authors conducted a scenario-based survey with 339 valid responses to test and validate the research model.FindingsResults indicated that information security climate fully mediates the relationship between ethical leadership and ISP violation intention. The authors also found that information security climate enhances the negative effect of affective commitment on ISP violation intention.Originality/valueThis research contributes to the literature of information security by introducing the role of ethical leadership and integrating two theories into our research model. This study also calls attention to how information security climate and affective commitment mediate the relationship between ethical leadership and employees' ISP violation intention. The theory-driven study provides important pragmatic guidance for enhancing the understanding of the importance of ethical leadership in information systems security research.

Highlights

  • Mitigating security threats and safeguarding information security has become an important organizational strategic agenda

  • We used chi-square divided by degrees of freedom ( x2/df), the comparative fit index (CFI ), the Tucker–Lewis index (TLI) and the root mean square error of approximation (RMSEA) to test the model fit

  • Consistent with hypothesis 2, the results showed that the indirect effect of ethical leadership on information security policy (ISP) violation intention through information security climate was significant (B 5 À0.198, p < 0.05) and the confidence interval is between À0.320 and À0.107

Read more

Summary

Introduction

Mitigating security threats and safeguarding information security has become an important organizational strategic agenda. Among a variety of security threats, employees’ information security policy (ISP) violation has been deemed to be a major concern to organizations (Chen et al, 2021; Luo et al, 2020; Moody et al, 2018; Siponen and Vance, 2010). © Botong Xue, Feng Xu, Xin Luo and Merrill Warkentin. Published in Organizational Cybersecurity Journal: Practice, Process and People. The full terms of this license may be seen at http://creativecommons.org/licences/by/4.0/legalcode

Objectives
Methods
Results
Discussion
Conclusion
Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call