Advanced search
Publication Cover
Journal of Management Information Systems Volume 32, 2015 - Issue 4
Journal homepage
3,779
Views
168
CrossRef citations to date
0
Altmetric
Original Articles

The Impact of Organizational Commitment on Insiders’ Motivation to Protect Organizational Information Assets

Clay PoseyView further author information
,
Tom L. RobertsView further author information
&
Paul Benjamin LowryView further author information
Pages 179-214 | Published online: 13 Apr 2016

References

  • Albrechtsen, E., and Hovden, J. The information security digital divide between information security managers and users. Computers and Security, 28, 6 (2009), 476–490.
  • Allen, N.J., and Meyer, J.P. Affective, continuance, and normative commitment to the organization: An examination of construct validity. Journal of Vocational Behavior, 49, 3 (1996), 252–276.
  • Anderson, C.L., and Agarwal, R. Practicing safe computing: A multimethod empirical examination of home computer user security behavioral intentions. MIS Quarterly, 34, 3 (2010), 613–643.
  • Aytes, K., and Connolly, T. Computer security and risky computing practices: A rational choice perspective. Journal of Organizational and End User Computing, 16, 3 (2004), 22–40.
  • Bandura, A. Self-efficacy: Toward a unifying theory of behavioral change. Psychological Review, 84, 2 (1977), 191–215.
  • Beck, K.H. The effects of risk probability, outcome severity, efficacy of protection and access to protection on decision making: A further test of protection motivation theory. Social Behavior and Personality, 12, 2 (1984), 121–125.
  • Bennett, R.J., and Robinson, S.L. Development of a measure of workplace deviance. Journal of Applied Psychology, 85, 3 (2000), 349–360.
  • Block, L.G., and Keller, P. A. When to accentuate the negative: The effects of perceived efficacy and message framing on intentions to perform a health-related behavior. Journal of Marketing Research, 32, 2 (1995), 192–203.
  • Boss, S.R.; Galletta, D.F.; Lowry, P.B.; Moody, G.D.; and Polak, P. What do systems users have to fear? Using fear appeals to engender threats and fear that motivate protective security behaviors. MIS Quarterly, 39, 4, (2015), 837–864.
  • Bryant, F.B., and Satorra, A. Principles and practice of scaled difference chi-square testing. Structural Equation Modeling: A Multidisciplinary Journal, 19, 3 (2012), 372–398.
  • Byrne, B.M.; Shavelson, R.J.; and Muthén, B. Testing for the equivalence of factor covariance and mean structures: The issue of partial measurement invariance. Psychological Bulletin, 105, 3 (1989), 456–466.
  • Cammann, C.; Fichman, M.; Jenkins, D.; and Klesh, J. Assessing the attitudes and perceptions of organizational members. In S. Seashore, E. Lawler, P. Mirvis, and C. Cammann (eds.), Assessing Organizational Change: A Guide to Methods, Measures and Practices. New York: Wiley, 1983, pp. 71–138.
  • Campion, M.A.; Medsker, G.J.; and Higgs, A.C. Relations between work group characteristics and effectiveness: Implications for designing effective work groups. Personnel Psychology, 46, 4 (1993), 823–850.
  • Campis, L.K.; Prentice-Dunn, S.; and Lyman, R. D. Coping appraisal and parents’ intentions to inform their children about sexual abuse: A protection motivation theory analysis. Journal of Social and Clinical Psychology, 8, 3 (1989), 304–316.
  • Cenfetelli, R.T.; Bassellier, G.; and Posey, C. The analysis of formative measurement in IS research: Choosing between component-and covariance-based techniques. DATA BASE for Advances in Information Systems, 44, 4 (2013), 66–79.
  • Chatterjee, S.; Sarker, S.; and Valacich, J.S. The behavioral roots of information systems security: Exploring key factors related to unethical IT use. Journal of Management Information Systems, 31, 4 (2015), 49–87.
  • Chen, Y.; Ramamurthy, K.; and Wen, K.-W. Organizations’ information security policy compliance: Stick or carrot approach? Journal of Management Information Systems, 29, 3 (2012), 157–188.
  • Choi, J.N. Change oriented organizational citizenship behavior: Effects of work environment characteristics and intervening psychological processes. Journal of Organizational Behavior, 28, 4 (2007), 467–484.
  • Cohen, J. Statistical Power Analysis for the Behavioral Sciences. 2nd ed. Hillsdale, NJ: Lawrence Erlbaum, 1988.
  • Crossler, R.E.; Johnston, A.C.; Lowry, P.B.; Hu, Q.; Warkentin, M.; and Baskerville, R. Future directions for behavioral information security research. Computers and Security, 32, 1 (2013), 90–101.
  • D’Arcy, J., and Devaraj, S. Employee misuse of information technology resources: Testing a contemporary deterrence model. Decision Sciences, 43, 6 (2012), 1091–1124.
  • D’Arcy, J.; Herath, T.; and Shoss, M.K. Understanding employee responses to stressful information security requirements: A coping perspective. Journal of Management Information Systems, 31, 2 (2014), 285–318.
  • D’Arcy, J., and Hovav, A. Deterring internal information systems misuse. Communications of the ACM, 50, 10 (2007), 113–117.
  • D’Arcy, J.; Hovav, A.; and Galletta, D. User awareness of security countermeasures and its impact on information systems misuse: A deterrence approach. Information Systems Research, 20, 1 (2009), 79–98.
  • Da Veiga, A., and Eloff, J.H.P. A framework and assessment instrument for information security culture. Computers and Security, 29, 2 (2010), 196–207.
  • Diamantopoulos, A. Incorporating formative measures into covariance-based structural equation models. MIS Quarterly, 35, 2 (2011), 335–358.
  • Dinev, T.; Goo, J.; Hu, Q.; and Nam, K. User behaviour towards protective information technologies: The role of national cultural differences. Information Systems Journal, 19, 4 (2009), 391–412.
  • Dlamini, M.T.; Eloff, J.H.P.; and Eloff, M.M. Information security: The moving target. Computers and Security, 28, 3–4 (2009), 189–198.
  • E&Y. Fighting to close the gap: Ernst & Young’s 2012 Global Information Security Survey. Ernst & Young 2012. http://www.ey.com/Publication/vwLUAssets/GISS2012/$FILE/EY_GISS_2012.pdf
  • Eppright, D.R.; Hunt, J.B.; Tanner, J.F.; and Franke, G.R. Fear, coping, and information: A pilot study on motivating a healthy response. Health Marketing Quarterly, 20, 1 (2002), 51–73.
  • Floyd, D.L.; Prentice-Dunn, S.; and Rogers, R.W. A meta-analysis of research on protection motivation theory. Journal of Applied Social Psychology, 30, 2 (2000), 407–429.
  • Fornell, C., and Larcker, D.F. Evaluating structural equation models with unobservable variables and measurement error. Journal of Marketing Research, 18, 1 (1981), 39–50.
  • Fruin, D.J.; Pratt, C.; and Owen, N. Protection motivation theory and adolescents’ perceptions of exercise. Journal of Applied Social Psychology, 22, 1 (1992), 55–69.
  • Gartner. Gartner says worldwide security infrastructure market will grow 8.4 percent. London, 2012. http://www.gartner.com/newsroom/id/2828722
  • Grewal, R.; Cote, J.A.; and Baumgartner, H. Multicollinearity and measurement error in structural equation models: Implications for theory testing. Marketing Science, 23, 4 (2004), 519–529.
  • Guo, K.H.; Yuan, Y.; Archer, N.P.; and Connelly, C.E. Understanding nonmalicious security violations in the workplace: A composite behavior model. Journal of Management Information Systems, 28, 2 (2011), 203–236.
  • Gurung, A.; Luo, X.; and Liao, Q. Consumer motivations in taking action against spyware: An empirical investigation. Information Management and Computer Security, 17, 3 (2009), 276–289.
  • Hair, J.F.; Black, W.; Babin, B.; Anderson, R.E.; and Tatham, R.L. Multivariate Data Analysis. Upper Saddle River, NJ: Pearson Education, 2006.
  • Hanisch, K.A.; Hulin, C.L.; and Roznowski, M. The importance of individuals’ repertoires of behaviors: The scientific appropriateness of studying multiple behaviors and general attitudes. Journal of Organizational Behavior, 19, 5 (1998), 463–480.
  • Herath, T., and Rao, H.R. Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness. Decision Support Systems, 47, 2 (2009), 154–165.
  • Herath, T., and Rao, H. R. Protection motivation and deterrence: A framework for security policy compliance in organisations. European Journal of Information Systems, 18, 2 (2009), 106–125.
  • Hu, Q.; Dinev, T.; Hart, P.; and Cooke, D. Managing employee compliance with information security policies: The critical role of top management and organizational culture. Decision Sciences, 43, 4 (2012), 615–660.
  • Hu, Q.; West, R.; and Smarandescu, L. The role of self-control in information security violations: Insights from a cognitive neuroscience perspective. Journal of Management Information Systems, 31, 4 (2015), 6–48.
  • Jenkins, J.L.; Grimes, M.; Proudfoot, J.; and Lowry, P. B. Improving password cybersecurity through inexpensive and minimally invasive means: Detecting and deterring password reuse through keystroke-dynamics monitoring and just-in-time warnings. Information Technology for Development, 20, 2 (2014), 196–213.
  • Johnston, A.C., and Warkentin, M. Fear appeals and information security behaviors: An empirical study. MIS Quarterly, 34, 3 (2010), 549–566.
  • Kim, W.C., and Mauborgne, R.A. Procedural justice, attitudes, and subsidiary top management compliance with multinationals’ corporate strategic decisions. Academy of Management Journal, 36, 3 (1993), 502–526.
  • Kotulic, A.G., and Clark, J.G. Why there aren’t more information security research studies. Information and Management, 41, 5 (2004), 597–607.
  • LaRose, R.; Rifon, N.J.; and Enbody, R. Promoting personal responsibilitiy for Internet safety. Communications of the ACM, 51, 3 (2008), 71–76.
  • Lee, Y., and Kozar, K.A. An empirical investigation of anti-spyware software adoption: A multitheoretical perspective. Information and Management, 45, 2 (2008), 109–119.
  • Lee, Y., and Larsen, K.R. Threat or coping appraisal: Determinants of SMB executives’ decision to adopt anti-malware software. European Journal of Information Systems, 18, 2 (2009), 177–187.
  • Leventhal, H. Findings and theory in the study of fear communications. In L. Berkowitz (ed.), Advances in Experimental Social Psychology, Volume 5. New York: Academic Press, 1970, pp. 119–186.
  • Li, H.; Zhang, J.; and Sarathy, R. Understanding compliance with Internet use policy from the perspective of rational choice theory. Decision Support Systems, 48, 4 (2010), 635–645.
  • Liang, H., and Xue, Y. Avoidance of information technology threats: A theoretical perspective. MIS Quarterly, 33, 1 (2009), 71–90.
  • Liang, H., and Xue, Y. Understanding security behaviors in personal computer usage: A threat avoidance perspective. Journal of the Association for Information Systems, 11, 7 (2010), 394–413.
  • Lowry, P.B.; Cao, J.; and Everard, A. Privacy concerns versus desire for interpersonal awareness in driving the use of self-disclosure technologies: The case of instant messaging in two cultures. Journal of Management Information Systems, 27, 4 (2011), 165–204.
  • Lowry, P.B., and Gaskin, J. Partial least squares (PLS) structural equation modeling (SEM) for building and testing behavioral causal theory: When to choose it and how to use it. IEEE Transactions on Professional Communication, 57, 2 (2014), 123–146.
  • Lowry, P.B.; Moody, G.D.; Galletta, D.F.; and Vance, A. The drivers in the use of online whistle-blowing reporting systems. Journal of Management Information Systems, 30, 1 (2013), 153–189.
  • Maddux, J.E., and Rogers, R.W. Protection motivation and self-efficacy: A revised theory of fear appeals and attitude change. Journal of Experimental Social Psychology, 19, 5 (1983), 469–479.
  • Marett, K.; McNab, A.L.; and Harris, R.B. Social networking websites and posting personal information: An evaluation of protection motivation theory. AIS Transactions on Human-Computer Interaction, 3, 3 (2011), 170–188.
  • McClendon, B.T.; Prentice-Dunn, S.; Blake, R.; and McMath, B. The role of appearance concern in responses to intervention to reduce skin cancer risk. Health Education, 102, 2 (2002), 76–83.
  • Meyer, J.P., and Allen, N.J. Testing the “side-bet theory” of organizational commitment: Some methodological considerations. Journal of Applied Psychology, 69, 3 (1984), 372–378.
  • Meyer, J.P., and Allen, N.J. A three-component conceptualization of organizational commitment: Some methodological considerations. Human Resource Management Review, 1, 1 (1991), 61–98.
  • Meyer, J.P., and Allen, N.J. Commitment in the Workplace. Thousand Oaks, CA: Sage, 1997.
  • Meyer, J.P.; Allen, N.J.; and Smith, C.A. Commitment to organizations and occupations: Extension and test of a three-component conceptualization. Journal of Applied Psychology, 78, 4 (1993), 538–551.
  • Meyer, J.P.; Becker, T.E.; and Vandenberghe, C. Employee commitment and motivation: A conceptual analysis and integrative model. Journal of Applied Psychology, 89, 6 (2004), 991–1007.
  • Meyer, J.P.; Stanley, D.J.; Herscovitch, L.; and Topolnytsky, L. Affective, continuance, and normative commitment to the organization: A meta-analysis of antecedents, correlates, and consequences. Journal of Vocational Behavior, 61, 1 (2002), 20–52.
  • Milne, S.; Sheeran, P.; and Orbell, S. Prediction and intervention in health-related behavior: A meta-analytic review of protection motivation theory. Journal of Applied Social Psychology, 30, 1 (2000), 106–143.
  • Mowday, R.T.; Steers, R.M.; and Porter, L.W. The measurement of organizational commitment. Journal of Vocational Behavior, 14, 2 (1979), 224–247.
  • Ng, B.Y.; Kankanhalli, A.; and Xu, Y. Studying users’ computer security behavior: A health belief perspective. Decision Support Systems, 46, 4 (2009), 815–825.
  • O’Driscoll, M.P., and Randall, D.M. Perceived organisational support, satisfaction with rewards, and employee job involvement and organisational commitment. Applied Psychology, 48, 2 (1999), 197–209.
  • Organ, D.W., and Ryan, K. A meta-analytic review of attitudinal and dispositional predictors of organizational citizenship behavior. Personnel Psychology, 48, 4 (1995), 775–802.
  • Oz, E. Organizational commitment and ethical behavior: An empirical study of information system professionals. Journal of Business Ethics, 34, 2 (2001), 137–142.
  • Pahnila, S.; Siponen, M.; and Mahmood, A. Employees’ behavior towards IS security policy compliance. Paper presented at the 40th Hawaii International Conference on Systems Sciences (HICSS 2007), Big Island, January 3–6, 2007, pp. 1–10.
  • Pechmann, C.; Zhao, G.; Goldberg, M.E.; and Reibling, E.T. What to convey in antismoking advertisements for adolescents: The use of protection motivation theory to identify effective message themes. Journal of Marketing, 67, 2 (2003), 1–18.
  • Peterson, D. Deltek: Cybersecurity spending should grow. Washington Post, December 5, 2011. http://www.washingtonpost.com/business/capitalbusiness/deltek-cybersecurity-spending-should-grow/2011/12/05/gIQApTQtiO_story.html ( accessed on June 6, 2012).
  • Podsakoff, P.M.; Ahearne, M.; and MacKenzie, S.B. Organizational citizenship behavior and the quantity and quality of work group performance. Journal of Applied Psychology, 82, 2 (1997), 262–270.
  • Porter, L.W.; Steers, R.M.; Mowday, R.T.; and Boulian, P.V. Organizational commitment, job satisfaction, and turnover among psychiatric technicians. Journal of Applied Psychology, 59, 5 (1974), 603–609.
  • Posey, C.; Lowry, P.B.; Roberts, T.L.; and Ellis, S. Proposing the online community self-disclosure model: The case of working professionals in France and the UK who use online communities. European Journal of Information Systems, 19, 2 (2010), 181–195.
  • Posey, C.; Roberts, T.L.; Lowry, P.B.; and Bennett, R.J. Multiple indicators and multiple causes (MIMIC) models as a mixed-modeling technique: A tutorial and annotated example. Communications of the Association for Information Systems, 36, (2015), 179–204.
  • Posey, C.; Roberts, T.L.; Lowry, P.B.; Bennett, R.J.; and Courtney, J. Insiders’ protection of organizational information assets: Development of a systematics-based taxonomy and theory of diversity for protection-motivated behaviors. MIS Quarterly, 37, 4 (2013), 1189–1210.
  • PWC. PricewaterhouseCoopers 2013. Key findings from the Global State of Information Security Survey 2013. http://www.pwc.com/gx/en/consulting-services/information-security-survey/assets/2013-giss-report.pdf
  • Richardson, H.A.; Simmering, M.J.; and Sturman, M.C. A tale of three perspectives: Examining post hoc statistical techniques for detection and correction of common method variance. Organizational Research Methods, 12, 4 (2009), 762–800.
  • Rippetoe, P.A., and Rogers, R.W. Effects of components of protection-motivation theory on adaptive and maladaptive coping with a health threat. Journal of Personality and Social Psychology, 52, 3 (1987), 596–604.
  • Rogers, R.W. A protection motivation theory of fear appeals and attitude change. Journal of Psychology, 91, 1 (1975), 93–114.
  • Rogers, R.W. Cognitive and physiological processes in fear appeals and attitude change: A revised theory of protection motivation. In J.T. Cacioppo and R.E. Petty (eds.), Social Psychophysiology: A Sourcebook. New York: Guilford, 1983, pp. 153–176.
  • Rogers, R.W., and Prentice-Dunn, S. Protection motivation theory. In D.S. Gochman (ed.), Handbook of Health Behavior Research I: Personal and Social Determinants. New York: Plenum Press, 1997, pp. 113–132.
  • Schein, E.H. How can organizations learn faster? The challenge of entering the green room. Sloan Management Review, 34, 2 (1993), 85–92.
  • Shaw, E.; Ruby, K.G.; and Post, J.M. The insider threat to information systems: The psychology of the dangerous insider. Security Awareness Bulletin, 2–98 (1998), 1–10.
  • Siponen, M.; Mahmood, M.A.; and Pahnila, S. Technical opinion: Are employees putting your company at risk by not following information security policies? Communications of the ACM, 52, 12 (2009), 145–147.
  • Siponen, M.; Pahnila, S.; and Mahmood, A. Factors influencing protection motivation and IS security policy compliance. Paper presented at Innovations in Information Technology, Dubai, U.A.E., November 19–21, 2006, pp. 1–5.
  • Siponen, M.; Pahnila, S.; and Mahmood, A. Employees’ adherence to information security policies: An empirical study. In H. Venter, M. Eloff, L. Labuschagne, J. Eloff, and R. von Solms (eds.), New Approaches for Security, Privacy and Trust in Complex Environments, 232, IFIP International Federation for Information Processing. Boston: Springer, 2007, pp. 133–144.
  • Siponen, M.; Pahnila, S.; and Mahmood, M.A. Compliance with information security policies: An empirical investigation. IEEE Computer, 43, 2 (2010), 64–71.
  • Somers, M.J., and Casal, J.C. Organizational commitment and whistle-blowing a test of the reformer and the organization man hypotheses. Group and Organization Management, 19, 3 (1994), 270–284.
  • Stanton, J.M.; Stam, K.R.; Guzman, I.; and Caldera, C. Examining the linkage between organizational commitment and information security. Paper presented at IEEE International Conference on Systems, Man, and Cybernetics, October 5–8, 2003, pp. 2501–2506.
  • Stanton, J.M.; Stam, K.R.; Mastrangelo, P.M.; and Jolton, J.A. Behavioral information security: An overview, results, and research agenda. In P. Zhang and D.F. Galletta (eds.), Human–Computer Interaction and Management Information Systems: Foundations. Armonk, NY: M.E. Sharpe, 2006, pp. 262–280.
  • Tanner, J.F.; Day, E.; and Crask, M.R. Protection motivation theory: An extension of fear appeals theory in communication. Journal of Business Research, 19, 4 (1989), 267–276.
  • Tanner, J.F.; Hunt, J.B.; and Eppright, D.R. The protection motivation model: A normative model of fear appeals. Journal of Marketing, 55, 3 (1991), 36–45.
  • Tanner, J. F., Jr.; Day, E.; and Crask, M.R. Protection motivation theory: An extension of fear appeals theory in communication. Journal of Business Research, 19, 4 (1989), 267–276.
  • Thomas, J.P.; Whitman, D.S.; and Viswesvaran, C. Employee proactivity in organizations: A comparative meta analysis of emergent proactive constructs. Journal of Occupational and Organizational Psychology, 83, 2 (2010), 275–300.
  • Vance, A.; Lowry, P.B.; and Eggett, D. Using accountability to reduce access policy violations in information systems. Journal of Management Information Systems, 29, 4 (2013), 263–290.
  • Vance, A.; Siponen, M.; and Pahnila, S. How personality and habit affect protection motivation. Paper presented at Association of Information Systems SIGSEC Workshop on Information Security and Privacy (WISP 2009), Phoenix, AZ, December 14, 2009, pp. 1–7.
  • Vance, A.; Siponen, M.; and Pahnila, S. Motivating IS security compliance: Insights from habit and protection motivation theory. Information and Management, 49, 3-4 (2012), 190–198.
  • Wall, J.D.; Palvia, P.; and Lowry, P.B. Control-related motivations and information security policy compliance: The role of autonomy and efficacy. Journal of Information Privacy and Security, 9, 4 (2013), 52–79.
  • Warkentin, M.; Straub, D.; and Malimage, K. Measuring secure behavior: A research commentary. Paper presented at Annual Symposium on Information Assurance and Secure Knowledge Management, Albany, NY, June 5–6, 2012.
  • Welbourne, T.M. Fear: The misunderstood component of organizational transformation. Human Resource Planning, 18, 1 (1995), 30–37.
  • Welbourne, T.M., and Felton, R.W. Improving technology-based change processes: A case study of Indus International. Journal of Strategic Performance Measurement, 2, 2 (1998), 22–25.
  • Whitman, M.E., and Mattord, H.J. Principles of Information Security. 4th ed. Boston: Course Technology, 2012.
  • Williams, L.J., and Anderson, S.E. Job satisfaction and organizational commitment as predictors of organizational citizenship and in-role behaviors. Journal of Management, 17, 3 (1991), 601–617.
  • Willison, R., and Warkentin, M. Beyond deterrence: An expanded view of employee computer abuse. MIS Quarterly, 37, 1 (2013), 1–20.
  • Witte, K. Putting the fear back into fear appeals: The extended parallel process model. Communication Monographs, 59, 4 (1992), 329–349.
  • Witte, K.; Cameron, K.A.; McKeon, J.K.; and Berkowitz, J.M. Predicting risk behaviors: Development and validation of a diagnostic scale. Journal of Health Communication, 1, 4 (1996), 317–342.
  • Wolf, S.; Gregory, W.L.; and Stephan, W.G. Protection motivation theory: Prediction of intentions to engage in anti-nuclear war behaviors. Journal of Applied Social Psychology, 16, 4 (1986), 310–321.
  • Woon, I.; Tan, G.-W.; and Low, R. A protection motivation theory approach to home wireless security. Paper presented at International Conference on Information Systems (ICIS 2005), Las Vegas, December 11–14, 2005.
  • Workman, M. How perceptions of justice affect security attitudes: Suggestions for practitioners and researchers. Information Management and Computer Security, 17, 4 (2009), 341–353.
  • Workman, M.; Bommer, W.H., and Straub, D.W. Security lapses and the omission of information security measures: A threat control model and empirical test. Computers in Human Behavior, 24, 6 (2008), 2799–2816.

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Order Reprints Request Corporate Permissions

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

Request Academic Permissions

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.