Examining the effects of cognitive load on information systems security policy compliance

Abstract

PurposeEnforcing employee compliance with information systems security policies (ISSP) is a herculean task for organizations as security breaches due to non-compliance continue to soar. To improve this situation, researchers have employed fear appeals that are based on protection motivation theory (PMT) to induce compliance behavior. However, extant research on fear appeals has yielded mixed findings. To help explain these mixed findings, the authors contend that efficacy formation is a cognitive process that is impacted by the cognitive load exerted by the design of fear appeal messages.Design/methodology/approachThe study draws on cognitive load theory (CLT) to examine the effects of intrinsic cognitive load, extraneous cognitive load and germane cognitive load on stimulating an individual’s efficacy and coping appraisals. The authors designed a survey to collect data from 359 respondents and tested the model using partial least squares.FindingsThe analysis showed significant relationships between cognitive load (intrinsic, extraneous, and germane) and fear, maladaptive rewards, response costs, self-efficacy and response efficacy.Originality/valueThis provides support for the assertion that fear appeals impact the cognitive processes of individuals that then in turn can potentially affect the efficacy of fear and coping appraisals. These findings demonstrate the need to further investigate how individual cognition is impacted by fear appeal design and the resulting effects on compliance intention and behavior.