Intentions To Comply Versus Intentions To Protect: A Vie Theory Approach To Understanding The Influence Of Insiders’ Awareness Of Organizational Seta Efforts

Keywords

Expectancy Theory; Policy Compliance; Security Intentions; Security Training; VIE Theory

Abstract

In contemporary organizations, the protection of an organization's information assets is reliant on the behavior of those entrusted with access to organizational information and information systems (IS). Because of this reliance, organizations increasingly prioritize the training and education of employees through security education, training, and awareness (SETA) initiatives. Through expectancy theory and its central components of valence, instrumentality, and expectancy (VIE), we investigate the role of insiders’ awareness of organizational SETA efforts on two similar, yet distinct, security-related intentions: intention to comply with information security policies (ISPs) and intention to protect the organization's information assets from their threats. Not only do we show how distinct these two concepts are from a quantitative standpoint, we also demonstrate differences between insiders’ compliance and protection intentions, as well as their motivational antecedents. Moreover, we demonstrate how our powerful, yet parsimonious, model based on expectancy theory explains a significant portion of the variance in these two important concepts: 52.7% in intentions to comply with ISPs and 68.1% in intentions to protect organizational information assets. We discuss the implications of our findings for research and practice and offer future research opportunities.

Publication Date

12-1-2018

Publication Title

Decision Sciences

Volume

49

Issue

6

Number of Pages

1187-1228

Document Type

Article

Personal Identifier

scopus

DOI Link

https://doi.org/10.1111/deci.12304

Socpus ID

85054166379 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/85054166379

This document is currently not available here.

Share

COinS