The moderating effect of abusive supervision on information security policy compliance: Evidence from the hospitality industry

Abstract

Organizations have recognized the importance of information security and have developed information security policies for their employees. Deterrence is often used to enhance employees’ compliance intention. However, the literature reports mixed results for the effects of deterrence, and we argue that those conflicting findings can be due to different managerial contexts across organizations. To understand how managerial factors influence the effects of deterrence, our study focused on abusive supervision and examined how abusive supervision moderated the relationship between deterrence perception and employee’ intention to comply with information security policies. Two rounds of surveys were conducted to collect data from Chinese hotel employees. The results show that abusive supervision could not enhance the effect of perceived severity and certainty of deterrence, when compliance intention from the second-round survey was used for hypotheses testing. Our study contributes to the literature by taking the first step toward explaining the inconsistent results in the literature on deterrence. Our study also provides important strategic guidelines informing managers that abusive supervision should not be used to enhance employees’ compliance with information security policies.