Do employees in a “good” company comply better with information security policy? A corporate social responsibility perspective
Information Technology & People
ISSN: 0959-3845
Article publication date: 11 October 2018
Issue publication date: 23 September 2019
Abstract
Purpose
The purpose of this paper is to investigate the impact of corporate social responsibility (CSR) on employees’ compliance behavior concerning information security policy (ISP). A research model includes CSR activities as an antecedent of ISP compliance and as a mediator of the relationship between ISP compliance intention and the perceived costs of compliance.
Design/methodology/approach
In total, 162 respondents were surveyed from organizations with more than 500 employees. This study used partial least squares (SmartPLS 3.0) to analyze and examine hypotheses.
Findings
The results show CSR’s influence as a mediator in the context of ISP compliance. In particular, moral CSR can affect employees’ ISP compliance intention positively and fully mediate the relationship between the costs of compliance and ISP compliance intention. Employees would like to comply with ISP when they recognize the benefits of ISP compliance and the costs of ISP noncompliance.
Originality/value
This study examines influential factors on ISP compliance considering cost-benefit factors from rational choice theory. Moreover, the study contributes to ISP compliance research by being the first attempt to consider CSR in an ISP compliance research context. The results provide insights on how to strategically implement CSR activities in terms of organizational information security.
Keywords
Citation
Kim, H.L. and Han, J. (2019), "Do employees in a “good” company comply better with information security policy? A corporate social responsibility perspective", Information Technology & People, Vol. 32 No. 4, pp. 858-875. https://doi.org/10.1108/ITP-09-2017-0298
Publisher
:Emerald Publishing Limited
Copyright © 2018, Emerald Publishing Limited