Abstract
Deterrence theory is one of the most commonly used theories to study information security policy non-compliance behavior. However, the results of studies in the information security field are ambiguous. To further address this heterogeneity, various influencing factors have been considered in the context of deterrence theory. However, a current challenge with these findings is that recent studies that quantitatively assess the effectiveness of deterrence have relied predominantly on methods that analyze the underlying data, starting from a regression-based approach. By applying quantile regression, we estimate the overall effect of deterrents, and uncover how their effect differs among employees with different inclinations toward ISP compliance behavior – a critical insight for determining security measures for specific employee groups. Based on longitudinal data gathered in the U.S., our findings show significantly different effects in the analyzed quantiles for both aspects of sanctions, namely certainty and severity.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
