Fostering security-related citizenship through the employee-supervisor relationship: An examination of supervisor security embodiment

Abstract

Organizational information security performance is increasingly dependent on employees’ security-related citizenship behaviors that stretch beyond the scope of formal organizational prescription and control. Unfortunately, cultivating enactment of these valued behaviors has proven challenging for many companies. The literature has recognized workplace relationships as important determinants of behavioral security outcomes and extra-role security behaviors (ERBs) in particular. Taken further, an employee's relationship with the immediate supervisor is recognized as one of the most influential relational factors shaping a variety of workplace behaviors, including those related to security. Consistent with these notions, scholars have called for making the employee-supervisor relationship a more central component of behavioral security research and practice. Currently however, beyond recognition of this relationship's importance, the knowledge base is unclear about how it shapes ERB enactment. Because employees view supervisors as both organizational agents and as individuals in their own rights, this relationship has the potential to drive productive or counterproductive security behaviors, depending on how aligned the supervisor's security values are with those of the organization. Yet, the security literature has given surprisingly little consideration to the notion that employees can differ in the extent to which they perceive supervisors as embodying organizational information security values. Responding to this gap, the current study examines how employee-supervisor relations and perceived security-related value alignment between supervisors and the broader organization shape employees’ commitment to organizational information security and ultimately, ERB enactment. Grounded in the social identity theory of leadership (SITL), a research model is developed that positions high-quality employee-supervisor exchange as a direct antecedent of affective commitment to organizational information security, which then serves as a central intrinsic motivational mechanism driving ERB enactment. Further, rooted in SITL's principles on leader prototypicality and supervisor organizational embodiment, employee-perceived value alignment between the immediate supervisor and the organization as a whole—referred to here as supervisor security embodiment (SSE)—is introduced as a critical boundary condition influencing the extent to which employee-supervisor relations drive commitment. Results from model testing empirically demonstrate the value of SSE in explicating how this important relationship shapes workplace ERB enactment, through its influence on affective commitment to organizational information security performance.