Advanced search
Publication Cover
European Journal of Information Systems Volume 32, 2023 - Issue 6
Submit an article Journal homepage
1,215
Views
4
CrossRef citations to date
0
Altmetric
Research Article

Does stress reduce violation intention? Insights from eustress and distress processes on employee reaction to information security policies

Adel Yazdanmehra Paul H. Chook Department of Information Systems and Statistics, Zicklin School of Business, Baruch College, The City University of New YorkCorrespondence[email protected]
ORCID Iconhttps://orcid.org/0000-0001-6815-2965
ORCID Icon,
Yuan Lib Department of Accounting and Information Management, Haslam College of Business, University of Tennessee, Knoxville, TN, USAORCID Iconhttps://orcid.org/0000-0002-2117-7425
ORCID Icon &
Jingguo Wangc Department of Information Systems and Operations Management, University of Texas at Arlington College of Business Administration, Arlington, TX, USAORCID Iconhttps://orcid.org/0000-0003-2412-4641
ORCID Icon
Pages 1033-1051 | Received 25 Jan 2021, Accepted 23 Jun 2022, Published online: 22 Jul 2022

References

  • Ahmad, U. N. U., Amin, S. M., & Ismail, W. K. W. (2012). The relationship between technostress creators and organisational commitment among academic librarians. Procedia - Social and Behavioral Sciences, 40(6), 182–186. https://doi.org/10.1016/j.sbspro.2012.03.179
  • Ament, C., & Haag, S. (2016). How information security requirements stress employees. In Proceedings of the Thirty Seventh International Conference on Information Systems, Dublin, Ireland. pp. 1–17.
  • Ayyagari, R., Grover, V., & Purvis, R. (2011). Technostress: Technological antecedents and implications. MIS Quarterly, 35(4), 831–858. https://doi.org/10.2307/41409963
  • Bakker, A. B., & Demerouti, E. (2008). Towards a model of work engagement. Career Development International, 13(3), 209–223. https://doi.org/10.1108/13620430810870476
  • Bakker, A. B., Boyd, C. M., Dollard, M., Gillespie, N., Winefield, A. H., & Stough, C. (2010). The role of personality in the job demands-resources model: A study of Australian academic staff. Career Development International, 15(7), 622–636. https://doi.org/10.1108/13620431011094050
  • Bakker, A. B., & Bal, M. P. (2010). Weekly work engagement and performance: A study among starting teachers. Journal of Occupational and Organizational Psychology, 83(1), 189–206. https://doi.org/10.1348/096317909X402596
  • Bala, H., & Venkatesh, V. (2016). Adaptation to information technology: A holistic nomological network from implementation to job outcomes. Management Science, 62(1), 156–179. https://doi.org/10.1287/mnsc.2014.2111
  • Bandura, A. (1977). Self-efficacy: Toward a unifying theory of behavioral change. Psychological Review, 84(2), 191–215. https://doi.org/10.1037/0033-295X.84.2.191
  • Berinsky, A. J., Huber, G. A., & Lenz, G. S. (2012). Evaluating online labor markets for experimental research: Amazon.com’s mechanical Turk. Political Analysis, 20(3), 351–368. https://doi.org/10.1093/pan/mpr057
  • Boswell, W. R., Olson-Buchanan, J. B., & Lepine, M. A. (2004). Relations between stress and work outcomes: The role of the felt challenge, job control, and psychological strain. Journal of Vocational Behavior, 64(1), 165–181. https://doi.org/10.1016/S0001-8791(03)00049-6
  • Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), 523–548. https://doi.org/10.2307/25750690
  • Burns, A. J. A., Roberts, T. L., Posey, C., & Lowry, P. B. (2019). The adaptive roles of positive and negative emotions in organizational insiders’ security-based precaution taking. Information Systems Research, 30(4), 1228–1247. https://doi.org/10.1287/isre.2019.0860
  • Byrne, B. M. (2013). Structural equation modeling with AMOS: Basic concepts, applications, and programming, second edition. Taylor & Francis Group.
  • Califf, C. B., Sarker, S. S., & Sarker, S. S. (2020). The bright and dark sides of technostress: A mixed-methods study involving healthcare IT. MIS Quarterly, 44(2), 809–856. https://doi.org/10.25300/MISQ/2020/14818
  • Campion, M. A., & Mcclelland, C. L. (1991). Interdisciplinary examination of the costs and benefits of enlarged jobs: A job design quasi-experiment. Journal of Applied Psychology, 76(2), 186–198. https://doi.org/10.1037/0021-9010.76.2.186
  • Carpenter, D., Young, D. K., Maasberg, M., & Mcleod, A. (2017). Predicting IT job satisfaction: Occupational congruence and the job characteristics model. In Proceedings of the Twenty-third Americas Conference on Information Systems, Boston, MA.
  • Cavanaugh, M. A., Boswell, W. R., Roehling, M. V., & Boudreau, J. W. (2000). An empirical examination of self-reported work stress among U S Managers. Journal of Applied Psychology, 85(1), 65–74. https://doi.org/10.1037/0021-9010.85.1.65
  • Chen, D. Q., & Liang, H. (2019). Wishful thinking and IT threat avoidance: An extension to the technology threat avoidance theory. IEEE Transactions on Engineering Management, 66(4), 552–567. https://doi.org/10.1109/TEM.2018.2835461
  • Chen, J. V., Tran, A., & Nguyen, T. (2019). Understanding the discontinuance behavior of mobile shoppers as a consequence of technostress: An application of the stress-coping theory. Computers in Human Behavior, 95(August 2018), 83–93. https://doi.org/10.1016/j.chb.2019.01.022
  • CISA. (2020, November). Insider Threat Mitigation Guide. Cybersecurity & Infrastructure Security Agency. https://www.cisa.gov/insider-threat-mitigation
  • Clarke, S. (2012). The effect of challenge and hindrance stressors on safety behavior and safety outcomes: A meta-analysis. Journal of Occupational Health Psychology, 17(4), 387–397. https://doi.org/10.1037/a0029817
  • Compeau, D. R., & Higgins, C. A. (1995a). Application of social cognitive theory to training for computer skills. Information Systems Research, 6(2), 118–143. https://doi.org/10.1287/isre.6.2.118
  • Compeau, D. R., & Higgins, C. A. (1995b). Computer self-efficacy: Development of a measure and initial test. MIS Quarterly, 19(2), 189–210. https://doi.org/10.2307/249688
  • Cooper, C. L., Dewe, P. J., & O’Driscoll, M. P. (2001). Organizational stress: A review and critique of theory, research, and applications. Sage.
  • Cram, W. A., D’Arcy, J., & Proudfoot, J. G. (2019). Seeing the forest and the trees: A meta-analysis of the antecedents to information security policy compliance. MIS Quarterly, 43(2), 525–554. https://doi.org/10.25300/MISQ/2019/15117
  • D’Arcy, J., Hovav, A., & Galletta, D. (2009). User awareness of security countermeasures and its impact on information systems misuse: A deterrence approach. Information Systems Research, 20(1), 79–98. https://doi.org/10.1287/isre.1070.0160
  • D’Arcy, J., Herath, T., & Shoss, M. K. (2014). Understanding employee responses to stressful information security requirements: A coping perspective. Journal of Management Information Systems, 31(2), 285–318. https://doi.org/10.2753/MIS0742-1222310210
  • D’Arcy, J., Herath, T., Yim, M.-S., Nam, K., & Rao, H. R. (2018). Employee Moral Disengagement in Response to Stressful Information Security Requirements: A Methodological Replication of a Coping-Based Model. AIS Transactions on Replication Research, 4, 1–18. https://doi.org/10.17705/1atrr.00028
  • D’Arcy, J., & Teh, P.-L.-L. (2019). Predicting employee information security policy compliance on a daily basis: The interplay of security-related stress, emotions, and neutralization. Information and Management, 56(7), 103151. https://doi.org/10.1016/j.im.2019.02.006
  • Den Brande, W., Baillien, E., Vander Elst, T., De Witte, H., & Godderis, L. (2020). Coping styles and coping resources in the work stressors–workplace bullying relationship: A two-wave study. Work and Stress, 34(4), 323–341. https://doi.org/10.1080/02678373.2019.1666433
  • Dickson, B. (2016) Meeting cybersecurity challenges through gamification. Retrieved August 02, 2021, from https://techcrunch.com/2016/03/31/meeting-cybersecurity-challenges-through-gamification
  • Donalds, C., & Osei-Bryson, K.-M. (2017), Exploring the impacts of individual styles on security compliance behavior : A preliminary analysis. In Proceedings Annual Workshop of the AIS Special Interest Group for ICT in Global Development. Association for Information Systems.
  • Donalds, C., & Osei-Bryson, K. M. (2020, November). Cybersecurity compliance behavior: Exploring the influences of individual decision style and other antecedents. International Journal of Information Management, 51(2018), 102056. https://doi.org/10.1016/j.ijinfomgt.2019.102056
  • Donalds, C., & Barclay, C. (2021). Beyond technical measures: A value-focused thinking appraisal of strategic drivers in improving information security policy compliance. European Journal of Information Systems, 31(1), 58–73. https://doi.org/10.1080/0960085X.2021.1978344
  • Falk, R., & Miller, N. (1992). A primer for soft modeling. University of Akron Press.
  • Folkman, S., & Lazarus, R. S. (1980). An analysis of coping in a middle-aged community sample. Journal of Health and Social Behavior, 21(3), 219–239. https://doi.org/10.2307/2136617
  • Folkman, S., & Lazarus, R. S. (1985). If it changes it must be a process. Study of emotion and coping during three stages of a college examination. Journal of Personality and Social Psychology, 48(1), 150–170. https://doi.org/10.1037/0022-3514.48.1.150
  • Folkman, S., Lazarus, R. S., Dunkel-Schetter, C., Delongis, A., & Gruen, R. J. (1986). Dynamics of a stressful encounter: Cognitive appraisal, coping, and encounter outcomes. Journal of Personality and Social Psychology, 50(5), 992–1003. https://doi.org/10.1037/0022-3514.50.5.992
  • Folkman, S., & Lazarus, R. S. (1986). Stress processes and depressive symptomatology. Journal of Abnormal Psychology, 95(2), 107–113. https://doi.org/10.1037/0021-843X.95.2.107
  • Folkman, S., & Moskowitz, J. T. (2000). Positive affect and the other side of coping. American Psychologist, 55(6), 647–654. https://doi.org/10.1037/0003-066X.55.6.647
  • Fornell, C., & Larcker, D. F. (1981). Evaluating structural equation models with unobservable variables and measurement error. Journal of Marketing Research, 18(1), 39–50. https://doi.org/10.1177/002224378101800104
  • Fried, Y., & Ferris, G. R. (1987). The validity of the job characteristics model: A review and meta-analysis. Personnel Psychology, 40(2), 287–321. https://doi.org/10.1111/j.1744-6570.1987.tb00605.x
  • Galluch, P. S., Grover, V., & Thatcher, J. B. (2015). Interrupting the workplace: Examining stressors in an information technology context. Journal of the Association for Information Systems, 16(1), 1–47. https://doi.org/10.17705/1jais.00387
  • Gefen, D., Rigdon, E. E., & Straub, D. (2011). An update and extension to SEM guidelines for administrative and social science research. MIS Quarterly, 35(2), A1–A7. https://doi.org/10.2307/23044042
  • Glanz, K., & Schwartz, M. D. (2008). Stress, coping, and health behavior. In Glanz, K., Rimer, B. K., Lewis, M. L. (Eds). Health Behavior and Health Education: Theory, Research, and Practice, New York: John Wiley & Sons, pp. 211–236.
  • Goel, S., Williams, K., & Dincelli, E. (2017). Got phished? Internet security and human vulnerability. Journal of the Association for Information Systems, 18(1), 22–44. https://doi.org/10.17705/1jais.00447
  • Goodin, D. (2019). Microsoft says mandatory password changing is “ancient and obsolete”. arstechnica.com. https://arstechnica.com/information-technology/2019/06/microsoft-says-mandatory-password-changing-is-ancient-and-obsolete
  • Guo, K. H., Yuan, Y., Archer, N. P., & Connelly, C. E. (2011). Understanding nonmalicious security violations in the workplace: A composite behavior model. Journal of Management Information Systems, 28(2), 203–236. https://doi.org/10.2753/MIS0742-1222280208
  • Guo, K. H., & Yuan, Y. (2012). The effects of multilevel sanctions on information security violations: A mediating model. Information and Management, 49(6), 320–326. https://doi.org/10.1016/j.im.2012.08.001
  • Gutierrez, L. M. (1994). Beyond coping: An empowerment emotional helplessness and empowerment. Journal of Sociology and Social Welfare, 21(3), 201. https://scholarworks.wmich.edu/jssw/vol21/iss3/1This
  • Hackman, J. R. (1980). Work redesign and motivation. Professional Psychology, 11(3), 445–455. https://doi.org/10.1037/0735-7028.11.3.445
  • Hair, J. F., Black, W. C., Babin, B. J., & Anderson, R. E. (2009). Multivariate data analysis. Prentice Hall.
  • Hancock, J. (2020). The psychology of human error: Understand the mistakes that compromise your company’s cybersecurity.Tessian Research.
  • Hargrove, M. B., Quick, J. C., Nelson, D. L., & Quick, J. D. (2011). The theory of preventive stress management: A 33-year review and evaluation. Stress and Health, 27(3), 182–193. https://doi.org/10.1002/smi.1417
  • Hargrove, M. B., Nelson, D. L., & Cooper, C. L. (2013). Generating eustress by challenging employees. Helping people savor their work. Organizational Dynamics, 42(1), 61–69. https://doi.org/10.1016/j.orgdyn.2012.12.008
  • Henrich, J., Heine, S. J., & Norenzayan, A. (2010). The weirdest people in the world? Behavioral and Brain Sciences, 33(2–3), 61–83. https://doi.org/10.1017/S0140525X0999152X
  • Herath, T., & Rao, H. R. (2009a). Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness. Decision Support Systems, 47(2), 154–165. https://doi.org/10.1016/j.dss.2009.02.005
  • Herath, T., & Rao, H. R. (2009b). Protection motivation and deterrence: A framework for security policy compliance in organisations. European Journal of Information Systems, 18(2), 106–125. https://doi.org/10.1057/ejis.2009.6
  • Holahan, C. J., & Moos, R. H. (1987). Personal and contextual determinants of coping strategies. Journal of Personality and Social Psychology, 52(5), 946–955. https://doi.org/10.1037/0022-3514.52.5.946
  • Holahan, C. J., & Moos, R. H. (1991). Life stressors, personal and social resources, and depression: A 4-year structural model. Journal of Abnormal Psychology, 100(1), 31–38. https://doi.org/10.1037/0021-843X.100.1.31
  • Hovav, A., & D’Arcy, J. (2012). Applying an extended model of deterrence across cultures: An investigation of information systems misuse in the U.S. and South Korea. Information and Management, 49(2), 99–110. https://doi.org/10.1016/j.im.2011.12.005
  • Hu, L.-T., & Bentler, P. (1999). Cutoff criteria for fit indexes in covariance structure analysis: Conventional criteria versus new alternatives, structural equation modeling. Structural Equation Modeling: A Multidisciplinary Journal, 6(1), 1–55. https://doi.org/10.1080/10705519909540118
  • Hwang, I., & Cha, O. (2018). Examining technostress creators and role stress as potential threats to employees’ information security compliance. Computers in Human Behavior, 81(April), 282–293. https://doi.org/10.1016/j.chb.2017.12.022
  • Kline, R. B. (2005). Principles and practice of structural equation modeling. Guilford publications.
  • Lazarus, R. S., & Folkman, S. (1984a). Coping and adaptation. In Gentry, W. Doyle(Ed.). The handbook of behavioral medicine (pp. 282–325). Guilford Press.
  • Lazarus, R. S., & Folkman, S. (1984b). Stress, appraisal and coping. Springer Publishing Company.
  • Lazarus, R. S. (1991a). Emotion and adaptation. Oxford University Press.
  • Lazarus, R. S. (1991b). Progress on a cognitive-motivational-relational theory of emotion. American Psychologist, 46(8), 819–834. https://doi.org/10.1037/0003-066X.46.8.819
  • Lepine, J. A., Lepine, M. A., & Jackson, C. L. (2004). Challenge and hindrance stress: Relationships with exhaustion, motivation to learn, and learning performance. Journal of Applied Psychology, 89(5), 883–891. https://doi.org/10.1037/0021-9010.89.5.883
  • Lepine, J. A., Podsakoff, N. P., & Lepine, M. A. (2005). A meta-analytic test of the challenge stressor–hindrance stressor framework: An explanation for inconsistent relationships among stressors and performance. Academy of Management Journal, 48(5), 764–775. https://doi.org/10.5465/amj.2005.18803921
  • Li, H., Luo, X. (Robert), Zhang, J., & Sarathy, R. (2018). Self-control, organizational context, and rational choice in Internet abuses at work. Information and Management, 55(3), 358–367. https://doi.org/10.1016/j.im.2017.09.002
  • Liang, L., & Xue, X. (2009). Avoidance of information technology threats: A theoretical perspective. MIS Quarterly, 33(1), 71–90. https://doi.org/10.2307/20650279
  • Liang, H., & Xue, Y. (2010). Understanding security behaviors in personal computer usage: A threat avoidance perspective. Journal of the Association for Information Systems, 11(7), 394–413. https://doi.org/10.17705/1jais.00232
  • Liang, H., Xue, Y., Pinsonneault, A., & Wu, Y. (2019). When users do besides problem-focused coping when facing IT security threats: An emotion-focused coping perspective. MIS Ouarterly, 43(2), 1–22. https://doi.org/10.25300/MISQ/2019/14360
  • Lowry, P. B., D’Arcy, J., Hammer, B., & Moody, G. D. (2016). “Cargo Cult” science in traditional organization and information systems survey research: A case for using nontraditional methods of data collection, including Mechanical Turk and online panels. The Journal of Strategic Information Systems, 25(3), 232–240. https://doi.org/10.1016/j.jsis.2016.06.002
  • Mccall, M. W., Lombardo, M. M., & Morrison, A. M. (1988). The lessons of experience: How successful executives develop on the job. Lexington, MA:Lexington Books.
  • Mende, M., Scott, M. L., Bitner, M. J., & Ostrom, A. L. (2017). Activating consumers for better service coproduction outcomes through eustress: The interplay of firm-assigned workload, service literacy, and organizational support. Journal of Public Policy & Marketing, 36(1), 137–155. https://doi.org/10.1509/jppm.14.099
  • Ng, B.-Y., Kankanhalli, A., & Xu, Y. (Calvin). (2009). Studying users‘ computer security behavior: A health belief perspective. Decision Support Systems, 46(4), 815–825. https://doi.org/10.1016/j.dss.2008.11.010
  • Peace, A., Galletta, D., & Thong, J. (2003). Software piracy in the workplace: A model and empirical test. Journal of Management Information Systems, 20(1), 153–177. https://doi.org/10.1080/07421222.2003.11045759
  • Pearsall, M. J., Ellis, A. P. J., & Stein, J. H. (2009). Coping with challenge and hindrance stressors in teams: Behavioral, cognitive, and affective outcomes. Organizational Behavior and Human Decision Processes, 109(1), 18–28. https://doi.org/10.1016/j.obhdp.2009.02.002
  • Pham, H.-C., El-Den, J., & Richardson, J. (2016). Stress-based security compliance model – An exploratory study. Information and Computer Security, 24(4), 326–347. https://doi.org/10.1108/ICS-10-2014-0067
  • Podsakoff, N. P. (2007). Challenge and hindrance stressors in the workplace: Tests of linear, curvilinear, and moderated relationships with employee strains, satisfaction, and performance. University of Florida.
  • Podsakoff, N. P., Lepine, J. A., & Lepine, M. A. (2007). Differential challenge stressor-hindrance stressor relationships with job attitudes, turnover intentions, turnover, and withdrawal behavior: A meta-analysis. Journal of Applied Psychology, 92(2), 438–454. https://doi.org/10.1037/0021-9010.92.2.438
  • Proofpoint. (2022). Ponemon cost of insider threats report global report. https://www.proofpoint.com/us/resources/threat-reports/cost-of-insider-threats
  • Quick, J. C., Wright, T. A., Adkins, J. A., Nelson, D. L., & Quick, J. D. (1997). Preventive stress management in organizations. American Psychological Association.
  • Rodell, J. B., & Judge, T. A. (2009). Can “good” stressors spark “bad” behaviors? The mediating role of emotions in links of challenge and hindrance stressors with citizenship and counterproductive behaviors. Journal of Applied Psychology, 94(6), 1438–1451. https://doi.org/10.1037/a0016752
  • Schell, J. (2008). The art of game design: A book of lenses. Morgan Kaufmann Publishers.
  • Selye, H. (1982). History and present status of the stress concept. In Goldberger, L., Breznitz, S.(Eds). Handbook of stress (pp. 7–17). Free Press.
  • Shen, Y. E. (2009). Relationships between self-efficacy, social support and stress coping strategies in Chinese primary and secondary school teachers. Stress and Health, 25(2), 129–138. https://doi.org/10.1002/smi.1229
  • Simmons, B. L., & Nelson, D. L. (2007). Eustress at work: Extending the holistic stress model. In Nelson, D.L., Cooper, C.L.(Eds.). Positive organizational behavior. pp.40–53. Thousand Oaks, CA: SAGE.
  • Siponen, M., & Vance, A. (2010). Neutralization: New insights into the problem of employee information systems security policy violations. MIS Quarterly, 34(3), 487–502. https://doi.org/10.2307/25750688
  • Srivastava, R., & Sager, J. K. (1999). Influence of personal characteristics on salespeople’s coping style. Journal of Personal Selling & Sales Management, 19(2), 47–57. https://www.jstor.org/stable/40471721
  • Srivastava, S. C., Chandra, S., & Shirish, A. (2015). Technostress creators and job outcomes: Theorising the moderating influence of personality traits. Information Systems Journal, 25(4), 355–401. https://doi.org/10.1111/isj.12067
  • Tarafdar, M., Pullins, E. B., & Ragu-Nathan, T. S. (2015). Technostress: Negative effect on performance and possible mitigations. Information Systems Journal, 25(2), 103–132. https://doi.org/10.1111/isj.12042
  • Vance, A., Lowry, P. B., & Eggett, D. L. (2015). Increasing accountability through user-interface design artifacts: A new approach to addressing the problem of access-policy violations. MIS Quarterly, 39(3), 345–366. https://doi.org/10.25300/MISQ/2015/39.2.04
  • Verizon. (2021). 2021 data breach investigations report.
  • Wang, J., Chen, R., Herath, T., & Rao, H. R. (2009). Visual e-mail authentication and identification services: An investigation of the effects on e-mail use. Decision Support Systems, 48(1), 92–102. https://doi.org/10.1016/j.dss.2009.06.012
  • Wang, J., Yang, Z., & Bhattacharjee, S. (2011). Same coin, different sides: Differential impact of social learning on two facets of music piracy. Journal of Management Information Systems, 28(3), 343–384. https://doi.org/10.2753/MIS0742-1222280310
  • Wang, J., Li, Y., & Rao, H. R. (2017). Coping responses in phishing detection: An investigation of antecedents and consequences. Information Systems Research, 28(2), 378–396. https://doi.org/10.1287/isre.2016.0680
  • Willison, R., Warkentin, M., & Johnston, A. C. (2018). Examining employee computer abuse intentions: Insights from justice, deterrence and neutralization perspectives. Information Systems Journal, 28(2), 266–293. https://doi.org/10.1111/isj.12129
  • Workman, M., Bommer, W. H., & Straub, D. (2008). Security lapses and the omission of information security measures: A threat control model and empirical test. Computers in Human Behavior, 24(6), 2799–2816. https://doi.org/10.1016/j.chb.2008.04.005

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Order Reprints Request Corporate Permissions

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

Request Academic Permissions

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.