Examining technostress creators and role stress as potential threats to employees' information security compliance

Abstract This study examined whether employees' security-related stress, i.e., technostress and role stress, in an organizational setting could affect their compliance intention regarding information security. In a survey of 346 employees, it was found that security-related technostress creators in organizations negatively affected employees' organizational commitment, both directly and indirectly through role stress, and further lowered compliance intention regarding information security. In addition, it was found that employees' regulatory focus, i.e., promotion focus, moderated the relationship between technostress creators and role stress. Employees with a high level of promotion focus were more resistant to the adverse effect of technostress creators and thus experienced less role stress. These results suggest directions for organizational strategies to manage and enhance employees' information security compliance.

[1]  R. W. Rogers,et al.  A Protection Motivation Theory of Fear Appeals and Attitude Change1. , 1975, The Journal of psychology.

[2]  William D. Perreault,et al.  A Role Stress Model of the Performance and Satisfaction of Industrial Salespersons , 1984 .

[3]  J. Dawson Moderation in Management Research: What, Why, When, and How , 2014 .

[4]  Varun Grover,et al.  Technostress: Technological Antecedents and Implications , 2011, MIS Q..

[5]  Ryan West,et al.  The psychology of security , 2008, CACM.

[6]  Anna Mette Fuglseth,et al.  The effects of technostress within the context of employee use of ICT , 2014, Comput. Hum. Behav..

[7]  Tejaswini Herath,et al.  Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness , 2009, Decis. Support Syst..

[8]  Craig Brod,et al.  Technostress: The Human Cost Of The Computer Revolution , 1984 .

[9]  Dennis F. Galletta,et al.  What Do Systems Users Have to Fear? Using Fear Appeals to Engender Threats and Fear that Motivate Protective Security Behaviors , 2015, MIS Q..

[10]  Ken H. Guo Security-related behavior in using information systems in the workplace: A review and synthesis , 2013, Comput. Secur..

[11]  Jason Bennett Thatcher,et al.  Interrupting the Workplace: Examining Stressors in an Information Technology Context , 2015, J. Assoc. Inf. Syst..

[12]  Princely Ifinedo,et al.  Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory , 2012, Comput. Secur..

[13]  K. Namasivayam,et al.  The relationship of chronic regulatory focus to work–family conflict and job satisfaction , 2012 .

[14]  Dale Goodhue,et al.  Understanding user evaluations of information systems , 1995 .

[15]  P. M. Podsakoff,et al.  Self-Reports in Organizational Research: Problems and Prospects , 1986 .

[16]  Barbara Wixom,et al.  An Empirical Investigation of the Factors Affecting Data Warehousing Success , 2001, MIS Q..

[17]  H. Marsh,et al.  Structural Equation Models of Latent Interactions: Clarification of Orthogonalizing and Double-Mean-Centering Strategies , 2010 .

[18]  T. DeCotiis,et al.  Organizational Determinants of Job Stress , 1983 .

[19]  Steven Furnell,et al.  Information security conscious care behaviour formation in organizations , 2015, Comput. Secur..

[20]  L. J. Williams,et al.  Job Satisfaction and Organizational Commitment as Predictors of Organizational Citizenship and In-Role Behaviors , 1991 .

[21]  Christian H. Jordan,et al.  Motivation by positive or negative role models: regulatory focus determines who will best inspire us. , 2002, Journal of personality and social psychology.

[22]  I. Nikolaou,et al.  Attitudes Towards Organizational Change: What is the Role of Employees' Stress and Commitment? , 2005 .

[23]  Izak Benbasat,et al.  Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness , 2010, MIS Q..

[24]  Merrill Warkentin,et al.  Fear Appeals and Information Security Behaviors: An Empirical Study , 2010, MIS Q..

[25]  Lyman W. Porter,et al.  Employee-Organization Linkages: The Psychology of Commitment, Absenteeism, and Turnover , 2013 .

[26]  R. Rogers Cognitive and physiological processes in fear appeals and attitude change: a revised theory of prote , 1983 .

[27]  R. K. Jena,et al.  Technostress in ICT enabled collaborative learning environment: An empirical study among Indian academician , 2015, Comput. Hum. Behav..

[28]  E. Higgins Beyond pleasure and pain. , 1997, The American psychologist.

[29]  Maya Tamir,et al.  Don't worry, be happy? Neuroticism, trait-consistent affect regulation, and performance. , 2005, Journal of personality and social psychology.

[30]  Larry D. Rosen,et al.  TechnoStress: Coping with Technology @Work @Home @Play , 1997 .

[31]  Sang M. Lee,et al.  An integrative model of computer abuse based on social control and general deterrence theories , 2004, Inf. Manag..

[32]  P. Bentler,et al.  Comparative fit indexes in structural models. , 1990, Psychological bulletin.

[33]  Kuang-Wei Wen,et al.  Organizations' Information Security Policy Compliance: Stick or Carrot Approach? , 2012, J. Manag. Inf. Syst..

[34]  Scott B. MacKenzie,et al.  Common method biases in behavioral research: a critical review of the literature and recommended remedies. , 2003, The Journal of applied psychology.

[35]  Daejin Kim,et al.  Why not comply with information security? An empirical approach for the causes of non-compliance , 2017, Online Inf. Rev..

[36]  E. Demerouti,et al.  Regulatory focus at work : the moderating role of regulatory focus in the job demands-resources model , 2010 .

[37]  Punam Anand Keller,et al.  Regulatory Focus and Efficacy of Health Messages , 2006 .

[38]  Richard M. Steers Antecedents and outcomes of organizational commitment. , 1977, Administrative science quarterly.

[39]  Monideepa Tarafdar,et al.  Examining impacts of technostress on the professional salesperson's behavioural performance , 2014 .

[40]  I. Ajzen The theory of planned behavior , 1991 .

[41]  C. Fornell,et al.  Evaluating structural equation models with unobservable variables and measurement error. , 1981 .

[42]  Aharon Tziner,et al.  Work stress and turnover intentions among hospital physicians: The mediating role of burnout and work satisfaction , 2015 .

[43]  Mei-yung Leung,et al.  Structural linear relationships between job stress, burnout, physiological stress, and performance of construction project managers , 2011 .

[44]  Joel Brockner,et al.  Regulatory Focus Theory: Implications for the Study of Emotions at Work , 2001 .

[45]  Teodor Sommestad,et al.  Variables influencing information security policy compliance: A systematic review of quantitative studies , 2014, Inf. Manag. Comput. Secur..

[46]  Rathindra Sarathy,et al.  Understanding compliance with internet use policy from the perspective of rational choice theory , 2010, Decis. Support Syst..

[47]  E. B. Andersen,et al.  Modern factor analysis , 1961 .

[48]  Qing Hu,et al.  Does deterrence work in reducing information security policy abuse by employees? , 2011, Commun. ACM.

[49]  Jai-Yeol Son,et al.  Out of fear or desire? Toward a better understanding of employees' motivation to follow IS security policies , 2011, Inf. Manag..

[50]  Mikko T. Siponen,et al.  Motivating IS security compliance: Insights from Habit and Protection Motivation Theory , 2012, Inf. Manag..

[51]  CACM staff In the Virtual Extension , 2011, Commun. ACM.

[52]  Yajiong Xue,et al.  Ensuring Employees' IT Compliance: Carrot or Stick? , 2013, Inf. Syst. Res..

[53]  Tejaswini Herath,et al.  Understanding Employee Responses to Stressful Information Security Requirements: A Coping Perspective , 2014, J. Manag. Inf. Syst..

[54]  R. W. Rogers,et al.  Protection motivation and self-efficacy: A revised theory of fear appeals and attitude change , 1983 .

[55]  L. J. Williams,et al.  An Alternative Approach to Method Effects by Using Latent-Variable Models: Applications in Organizational Behavior Research , 1994 .

[56]  Monideepa Tarafdar,et al.  The Consequences of Technostress for End Users in Organizations: Conceptual Development and Empirical Validation , 2008, Inf. Syst. Res..

[57]  Fatemeh Zahedi,et al.  Individuals' Internet Security Perceptions and Behaviors: Polycontextual Contrasts Between the United States and China , 2016, MIS Q..

[58]  Rossouw von Solms,et al.  An information security knowledge sharing model in organizations , 2016, Comput. Hum. Behav..

[59]  C. Allen Gorman,et al.  A meta-analysis of the regulatory focus nomological network: Work-related antecedents and consequences , 2012 .

[60]  John P. Meyer,et al.  Affective, Continuance, and Normative Commitment to the Organization: An Examination of Construct Validity , 1996, Journal of vocational behavior.

[61]  John P. Meyer,et al.  AFFECTIVE, CONTINUANCE, AND NORMATIVE COMMITMENT TO THE ORGANIZATION: A META-ANALYSIS OF ANTECEDENTS, CORRELATES, AND CONSEQUENCES , 2002 .

[62]  Yufei Yuan,et al.  The effects of multilevel sanctions on information security violations: A mediating model , 2012, Inf. Manag..

[63]  Monideepa Tarafdar,et al.  The Impact of Technostress on Role Stress and Productivity , 2007, J. Manag. Inf. Syst..

[64]  M. Salanova,et al.  The dark side of technologies: technostress among users of information and communication technologies. , 2013, International journal of psychology : Journal international de psychologie.

[65]  M. Jamal Relationship of Job Stress and Type-A Behavior to Employees' Job Satisfaction, Organizational Commitment, Psychosomatic Health Problems, and Turnover Motivation , 1990 .

[66]  K Witte,et al.  Predicting risk behaviors: development and validation of a diagnostic scale. , 1996, Journal of health communication.

[67]  Joshua D. Margolis,et al.  Bringing ethics into focus: How regulatory focus and risk preferences influence (Un)ethical behavior , 2011 .

[68]  A. Murrell,et al.  The impact of negative attitudes toward computers on employees' satisfaction and commitment within a small company , 1993 .

[69]  H. Marsh,et al.  Structural equation models of latent interactions: evaluation of alternative estimation strategies and indicator construction. , 2004, Psychological methods.

[70]  Katie Clark,et al.  Technostressed Out? How to Cope in the Digital Age. , 1996 .

[71]  Indira R. Guzman,et al.  Examining the linkage between organizational commitment and information security , 2003, SMC'03 Conference Proceedings. 2003 IEEE International Conference on Systems, Man and Cybernetics. Conference Theme - System Security and Assurance (Cat. No.03CH37483).

[72]  Kyung Kyu Kim,et al.  Information and communication technology overload and social networking service fatigue: A stress perspective , 2016, Comput. Hum. Behav..