Organizational information security performance increasingly depends on employees’ extra-role security behaviors (ERBs), which go beyond the scope of formal organizational prescription and control. At the same time, however, the literature suggests ERBs are largely unresponsive to traditional outline-and-control approaches to behavioral security. Instead, this stream finds that ERBs are primarily cultivated through social interactions with other organizational agents, namely the IS department and the direct supervisor. While important progress has been made in explicating the social nature of ERBs and the organizational agents that shape it, little is currently understood about the attributes of these employee-agent relationships that give rise to their influence on ERB enactment. Tied to this void, review of the literature reveals two separate and fundamentally different explanations of relational influence in this context which, according to theory, are associated with different relational attributes. Responding to these gaps, the current study presents a mixed-method examination of the relational antecedents of ERB enactment. We first theoretically develop and quantitatively examine a dual-channel model of socially motivated ERB enactment that highlights two co-existing motivational channels—an exchange-based channel rooted in norms of reciprocity and an identity-based channel rooted in self-verification. Then, applying the findings from quantitative examination of the dual-channel model, we qualitatively examine the specific attributes of these employee-agent relationships that promote ERB enactment. In doing so, this study makes multiple contributions to the literature including unification of prior work in this stream and introduction of detailed profiles of effective employee-agent relationships in this context.