Examining the impact of deterrence factors and norms on resistance to Information Systems Security

Abstract

Numerous studies have found that employees are the principal source of adverse Information Systems Security (ISS) incidents in organizational settings. Consequently, the ISS research focuses on examining factors that affect employees' behaviour towards complying with ISS policy. Most of this research, based on the theory of reasoned action, considers that employees' intention to comply with ISS policies is a good predictor of their behaviour. This paper argues that the employees' compliance with ISS policies within organizations is usually enforced, and that the non-compliance is mainly due to the resistance towards these policies. This research examines the role of organizational punishment and organizational norms in impacting employees' resistance towards the ISS policies. The data were collected from 133 employees of 10 organizations spanning four industries and the hypotheses were tested and validated using PLS-SEM analytical procedures. The results show that moral and descriptive norms are useful in reducing the resistance.