Information Security Compliance in Organizations: An Institutional Perspective

Abstract

AbstractThe increasing recognition of the importance of information security has created institutional pressures on organizations to comply with information security standards and policies for protecting their information. How such pressures influence information security compliance in organisations, however, is unclear. This paper presents an empirical study to investigate the impact of institutional pressures on information security compliance in organizations. With the use of structural equation modelling for analysing the data collected through an online survey, the study shows that coercive pressures, normative pressures, and mimetic pressures positively influence information security compliance in organizations. It reveals that the benefits of information security compliance motivate management to strengthen their commitments at information security compliance. Furthermore, the study finds out that social pressures do not have a significant impact on management commitments towards information security compliance. Theoretically this study contributes to the information security research by better understanding how institutional pressures can be used for enhancing information security compliance in organizations. Practically this study informs information security policy makers of the major institutional drivers for information security compliance.