Understanding employee's emotional reactions to ISSP compliance: focus on frustration from security requirements

Abstract

ABSTRACT As the importance of information assets increases, employees are increasingly required to comply with organisational policies for information security (InfoSec). Since security-related demands lead to stressful situations, employees are likely to bypass security policies to perform their tasks. Extant literature does not sufficiently address the detrimental factors of information system security policies (ISSP). This study investigates employees’ emotional reactions to ISSP compliance from the perspectives of technostress and coping. The aim of this study is to identify behaviour antecedents of frustration in the context of InfoSec and provide factors for mitigating the negative effects of frustration on ISSP compliance intentions. This study followed a survey approach and conducted structural equation modelling using the WarpPLS program to examine its research model and hypotheses. The survey respondents comprised employees who used an enterprise digital rights management system. The results demonstrated that frustration negatively affected employees’ intentions to comply with ISSP, but these negative effects of frustration decreased when autonomy was granted. Further, this study provides critical new insights on ISSP compliance from an emotional perspective.