Exploring eustress and fear: A new perspective on protection motivation in information security policy compliance within the financial sector

Abstract

Information security policy (ISP) compliance has emerged as a significant challenge for contemporary businesses. This underscores the crucial role of employing fear appeals to encourage employee compliance with ISP. However, the existing literature is rife with mixed and inconsistent findings regarding the influence of fear appeals on employees' intentions to comply with ISP. In an effort to address this inconsistency and delve into the mechanisms through which fear appeals impact ISP compliance, we expanded the Protection Motivation Theory by incorporating the Transactional Model of Stress and Coping. Notably, we introduced a positive emotion, eustress, into the mediating mechanism alongside fear. Our hypothesis posited that fear appeals not only generate fear but also evoke eustress, subsequently positively influencing ISP compliance. We conducted a study among financial sector employees and validated our hypothesis using structural equation modeling techniques. Our primary theoretical contributions include highlighting the critical role of eustress in enhancing ISP compliance and proposing a parallel mechanism through which fear appeals impact ISP compliance. From a practical standpoint, we demonstrate that eustress plays a more significant role in motivating employees to comply with ISP. Furthermore, we provide insights into how organizations can design fear appeal messages by incorporating the concept of eustress, thereby optimizing their effectiveness in promoting ISP compliance.