ABSTRACT
Prior information security research establishes the need to investigate the informal factors that influence employee attitudes and self-efficacy beliefs about information security. Two informal workplace dynamics that are particularly important for how employees think about information security comprise senior management support and workplace norms. However, there are limitations to empirical research to date on these constructs, including conflicting evidence on the relationship between senior management support and information security attitudes and a lack of research on how norms impact self-efficacy beliefs. Also, although some studies suggest that norms might play a mediating role between information security attitudes, self-efficacy beliefs and their (informal and formal) antecedents, empirical research is yet to investigate these possibilities. Consequently, this study considers the relationships between senior management support, norms, formal controls and information security attitudes and self-efficacy beliefs. It comprises a cross-sectional survey of employees at a law enforcement organisation. Results indicate the central role that norms have on employee information security attitudes and self-efficacy beliefs including their direct and mediating role. In addition, the study highlights the important role that senior management support has on employees’ thinking about information security.
Disclosure statement
No potential conflict of interest was reported by the authors.
Notes
1 We use the term ‘workplace norms’ and ‘norms’ interchangeably to refer to subjective norms in an organisational setting.
2 We consider the effects these mechanisms on employees in terms of broad goal and behavioural alignment (e.g. Boss et al. Citation2009) rather than from a pure deterrence perspective (e.g. D'arcy, Hovav, and Galletta Citation2009).