How different rewards tend to influence employee non-compliance with information security policies

Abstract

Purpose To help reduce the increasing number of information security breaches that are caused by insiders, past research has examined employee non-compliance with information security policy. However, existent studies have observed mixed results, which suggest that an interaction is likely to exist among the variables that explain employee non-compliance. In an effort to provide evidence for this possibility, this paper aims to better explain why employees routinely engage in non-compliant behaviors by examining the direct and interactive effects of employees’ perceived costs and rewards of compliance and non-compliance on their routinized non-compliant behaviors. Design/methodology/approach Based on rational choice theory, this study used 16 hypothetical scenarios in an experimental survey, collecting data from 326 respondents and analyzing them via structural equation modeling and a four-way factorial experiment. Findings The results suggest that routinized non-compliance of employees is more strongly influenced by the rewards than the costs they perceive in their non-compliance. Further, employees’ routinized non-compliance behavior was found to be positively influenced by an interactive effect of perceived rewards of compliance when their perceptions of their non-compliance costs and rewards were both high and low. Originality/value This paper’s key contribution is to suggest that non-compliance behavior is influenced by direct and interactive effects of perceived rewards of compliance and non-compliance.