What Drives Information Security Policy Violations among Banking Employees?: Insights from Neutralization and Social Exchange Theory

  title={What Drives Information Security Policy Violations among Banking Employees?: Insights from Neutralization and Social Exchange Theory},
  author={Pei-Lee Teh and Pervaiz Khalid Ahmed and John D'Arcy},
  journal={J. Glob. Inf. Manag.},
Employees' information security policy ISP violations are a major problem that plagues organizations worldwide, particularly in the banking/financial sector. Research shows that employees use neutralization techniques to rationalize their ISP violating behaviors; it is therefore important to understand what leads to and influences these neutralization techniques. The authors' study draws upon social exchange theory to develop a set of factors that drive employees' neutralization of ISP… 
What Drives Information Security Policy Violations among Banking Employees ? : Insights from Neutralization and Social Exchange Theory
This study examines the applicability of the Thong, Yap, and Raman (1996) model of information systems (IS) effectiveness tested among Singaporean small businesses in a Canadian context. The model
Examining employee security violations: moral disengagement and its environmental influences
The results suggest that security policy awareness (PA) plays a central role in reducing MD of security policy violations and that the certainty of punishment and immediacy of enforcing penalties are instrumental toward reducing such MD; however, the higher severity of penalties does not have an influence.
Understanding Employee Information Security Policy Compliance from Role Theory Perspective
ABSTRACT Previous research indicated security-related stress at the workplace accounts for employee non-compliant behavior with information security policy (ISP). Drawing on the role theory, we
Organizational information security policies: a review and research framework
A research framework is outlined that synthesizes the construct linkages within the current literature and identifies a series of gaps and draw on additional theoretical perspectives to propose a revised framework that can be used as a basis for future research.
Combatting the Neutralization of Security Policy Violations: Insights from the Healthcare Sector
A theoretical model linking the quality of relational ties to coping responses and information security policy violations is proposed and evidence that factors like sharing the same goal and mutual respect can significantly reduce the usage of neutralization techniques is provided.
The role of abusive supervision and organizational commitment on employees' information security policy noncompliance intention
It is demonstrated that abusive supervision has a significant, negative impact on affective, normative and continuance commitment, and the three dimensions of organizational commitment are negatively associated with employees' ISP noncompliance intention.
Factors Affecting Employee Intentions to Comply With Password Policies
Examination of the relationship between employees’ attitudes towards password policies, information security awareness, password self-efficacy, and employee intentions to comply with password policies suggested that a reduction in security breaches may promote more public confidence in organizational information systems.
"I do it because they do it": Social-Neutralisation in Information Security Practices of Saudi Medical Interns
It is found that trust between medical team members is an essential social facilitator that motivates MI’s to invoke neutralisation techniques to justify violating ISP policies and controls.
Escalation of commitment as an antecedent to noncompliance with information security policy
This study is the first to tackle escalation of commitment theories and use antecedents that explain the effect of lost assets, such as time, effort and other resources can also explain noncompliance with ISP in terms of the value conflicts, where employees would often choose to forego compliance at the expense of finishing their tasks.


Neutralization: New Insights into the Problem of Employee Systems Security Policy Violations
This article shows that neutralization theory, a theory prominent in Criminology but not yet applied in the context of IS, provides a compelling explanation for IS security policy violations and offers new insight into how employees rationalize this behavior.
Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness
The results show that an employee's intention to comply with the ISP is significantly influenced by attitude, normative beliefs, and self-efficacy to comply, and the role of ISA and compliance-related beliefs in an organization's efforts to encourage compliance is shed.
Security culture and the employment relationship as drivers of employees' security compliance
The results provide empirical support for security culture as a driver of employees’ security compliance in the workplace and provide one of the few empirical validations of security culture.
Protection motivation and deterrence: a framework for security policy compliance in organisations
An Integrated Protection Motivation and Deterrence model of security policy compliance under the umbrella of Taylor-Todd's Decomposed Theory of Planned Behaviour is developed and it is found that employees in the sample underestimate the probability of security breaches.
What levels of moral reasoning and values explain adherence to information security rules? An empirical study
The proposed theoretical model is a theoretical model that explains non-compliance in terms of moral reasoning and values and integrates two well-known psychological theories: the Theory of Cognitive Moral Development by Kohlberg and the theory of Motivational Types of Values by Schwartz.
Improving Employees' Compliance Through Information Systems Security Training: An Action Research Study
This study proposes a training program based on two theories: the universal constructive instructional theory and the elaboration likelihood model and validate the training program for IS security policy compliance training through an action research project.
Unethical Information Security Behavior and Organizational Commitment
In this article, we investigate the relationships between unethical behaviors from the viewpoint of information security and organizational commitment by using micro data collected from the survey
Variables influencing information security policy compliance: A systematic review of quantitative studies
A systematic review of empirical studies described in extant literature found 29 studies meeting its inclusion criterion and identified variables that influence compliance with information security policies of organizations and how important these variables are.