What Drives Information Security Policy Violations among Banking Employees?

Abstract

Employees' information security policy (ISP) violations are a major problem that plagues organizations worldwide, particularly in the banking/financial sector. Research shows that employees use neutralization techniques to rationalize their ISP violating behaviors; it is therefore important to understand what leads to and influences these neutralization techniques. The authors' study draws upon social exchange theory to develop a set of factors that drive employees' neutralization of ISP violations. The model specifies previously untested relationships between job satisfaction, organizational commitment, role conflict, role ambiguity, and neutralization techniques. Using a sample of Malaysian banking employees, the authors found a positive relationship between role conflict and neutralization of ISP violations, whereas organizational commitment was negatively related to neutralization in this context. The authors' findings offer fresh insights for scholars and practitioners in dealing with the problem of employees' intentional ISP violations while extending the reach of neutralization theory beyond North American and European cultures.