How Paternalistic Leaders Motivate Employees' Information Security Policy Compliance? Building Climate or Applying Sanctions

This paper studies the influencing mechanisms of Paternalistic Leadership in motivating employees’ Information Security Polices Compliance. We proposed that Sanctions and Information Security Climate can mediate the impact of different PL dimensions. Based on survey data from 760 participants, we found that, for different PL dimension, their influencing mechanism are different. The impact of AL dimension is partially mediated by employees’ perception of the Sanction, while the impact of BL dimension and ML dimension are partially mediated by employees’ perception of the Information Security Climate. Our research extends the existing literature by introducing the impact of specific leadership styles on employees’ ISP Compliance and discovering the mediating role of Sanction and Information Security Climate. New knowledge is also found about how each PL dimension affects employees’ Compliance in the information security context.

[1]  Steven Kelman,et al.  “Hard,” “Soft,” or “Tough Love” Management: What Promotes Successful Performance in a Cross-Organizational Collaboration? , 2016 .

[2]  Gül Selin Erben,et al.  The Relationship Between Paternalistic Leadership and Organizational Commitment: Investigating the Role of Climate Regarding Ethics , 2008 .

[3]  Izak Benbasat,et al.  Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness , 2010, MIS Q..

[4]  Bor-Shiuan Cheng,et al.  A Triad Model of Paternalistic Leadership: Constructs and Measurement , 2000 .

[5]  Dennis F. Galletta,et al.  Software Piracy in the Workplace: A Model and Empirical Test , 2003, J. Manag. Inf. Syst..

[6]  Robert E. Crossler,et al.  An Extended Perspective on Individual Security Behaviors: Protection Motivation Theory and a Unified Security Practices (USP) Instrument , 2014, DATB.

[7]  D. Zohar,et al.  Climate as a social-cognitive construction of supervisory safety practices: scripts as proxy of behavior patterns. , 2004, The Journal of applied psychology.

[8]  Marshall Schminke,et al.  Assembling Fragments Into a Lens: A Review, Critique, and Proposed Research Agenda for the Organizational Work Climate Literature , 2009 .

[9]  Zeynep Aycan,et al.  Impact of Culture on Human Resource Management Practices: A 10-Country Comparison Влияние культуры на практику HR-менеджмента: сравнение 10 стран , 2000 .

[10]  Tamara Dinev,et al.  Managing Employee Compliance with Information Security Policies: The Critical Role of Top Management and Organizational Culture , 2012, Decis. Sci..

[11]  Lawrence R. James,et al.  Organizational climate: A review of theory and research. , 1974 .

[12]  Bor-Shiuan Cheng,et al.  A Cultural Analysis of Paternalistic Leadership in Chinese Organizations , 2000 .

[13]  S. Clarke The relationship between safety climate and safety performance: a meta-analytic review. , 2006, Journal of occupational health psychology.

[14]  Dov Zohar,et al.  Thirty years of safety climate research: reflections and future directions. , 2010, Accident; analysis and prevention.

[15]  Mark A. Griffin,et al.  How leaders differentially motivate safety compliance and safety participation: The role of monitoring, inspiring, and learning , 2013 .

[16]  Kuang-Wei Wen,et al.  Organizations' Information Security Policy Compliance: Stick or Carrot Approach? , 2012, J. Manag. Inf. Syst..

[17]  W. Ouchi,et al.  Organizational Control: Two Functions. , 1975 .

[18]  Merrill Warkentin,et al.  An Enhanced Fear Appeal Rhetorical Framework: Leveraging Threats to the Human Asset Through Sanctioning Rhetoric , 2015, MIS Q..

[19]  Kathryn Mearns,et al.  Measuring safety climate: identifying the common features☆ , 2000 .

[20]  Eijiroh Ohki,et al.  Information security governance framework , 2009, WISG '09.

[21]  B. Cheng,et al.  Effectiveness of a moral and benevolent leader: Probing the interactions of the dimensions of paternalistic leadership , 2009 .

[22]  Timothy R. Hinkin,et al.  An examination of "nonleadership": from laissez-faire leadership to leader reward omission and punishment omission. , 2008, The Journal of applied psychology.

[23]  S. Clarke An integrative model of safety climate: Linking psychological climate and work attitudes to individual safety outcomes using meta-analysis. , 2010 .

[24]  Xu Huang,et al.  The Janus face of paternalistic leaders: Authoritarianism, benevolence, subordinates' organization‐based self‐esteem, and performance , 2013 .

[25]  Bor-Shiuan Cheng,et al.  Paternalistic Leadership and Subordinate Responses: Establishing a Leadership Model in Chinese Organizations , 2007 .

[26]  Yan Zhang,et al.  Paternalistic leadership and employee voice in China: A dual process model , 2015 .

[27]  A. Calabrò,et al.  Paternalistic leadership in family firms: Types and implications for intergenerational succession , 2014 .

[28]  D. Zohar Modifying supervisory practices to improve subunit safety: a leadership-based intervention model. , 2002, The Journal of applied psychology.

[29]  D. Zohar Safety climate in industrial organizations: theoretical and applied implications. , 1980, The Journal of applied psychology.

[30]  Yu-Chi Wu,et al.  Multidimensional Relationships between Paternalistic Leadership and Perceptions of Organizational Ethical Climates , 2012, Psychological reports.

[31]  A. Neal,et al.  The impact of organizational climate on safety climate and individual behavior , 2000 .

[32]  Terri A. Scandura,et al.  Leader–member exchange (LMX), paternalism, and delegation in the Turkish business culture: An empirical investigation , 2006 .

[33]  Dan Jong Kim,et al.  A Path to Successful Management of Employee Security Compliance: An Empirical Study of Information Security Climate , 2014, IEEE Transactions on Professional Communication.

[34]  Vimala Balakrishnan,et al.  Indirect effect of management support on users’ compliance behaviour towards information security policies , 2018, Health information management : journal of the Health Information Management Association of Australia.

[35]  Dennis F. Galletta,et al.  User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach , 2009, Inf. Syst. Res..

[36]  William H. Bommer,et al.  Relationships between leader reward and punishment behavior and subordinate attitudes, perceptions, and behaviors: A meta-analytic review of existing and new research , 2006 .

[37]  B. Bass,et al.  Predicting unit performance by assessing transformational and transactional leadership. , 2003, The Journal of applied psychology.

[38]  Vince Bruno,et al.  Investigating the Formation of Information Security Climate Perceptions with Social Network Analysis: A Research Proposal , 2015, PACIS.

[39]  T. Scandura,et al.  Paternalistic Leadership: A Review and Agenda for Future Research , 2008 .

[40]  D. Zohar The effects of leadership dimensions, safety climate, and assigned priorities on minor injuries in work groups , 2002 .

[41]  Anat Hovav,et al.  Applying an extended model of deterrence across cultures: An investigation of information systems misuse in the U.S. and South Korea , 2012, Inf. Manag..

[42]  J. Gibbs Crime, punishment, and deterrence , 1975 .

[43]  Detmar W. Straub,et al.  Effective IS Security: An Empirical Study , 1990, Inf. Syst. Res..

[44]  L. Gratton,et al.  Soft and Hard Models of Human Resource Management: A Reappraisal , 1997 .

[45]  Simon C. H. Chan,et al.  Paternalistic leadership and employee voice: Does information sharing matter? , 2014 .

[46]  Tejaswini Herath,et al.  Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness , 2009, Decis. Support Syst..

[47]  Helen Pluuta,et al.  Organizational Behavior and Human Decision Processes , 2019 .

[48]  W. Ouchi The Relationship Between Organizational Structure and Organizational Control. , 1977 .

[49]  W. Reynolds Development of reliable and valid short forms of the marlowe-crowne social desirability scale , 1982 .

[50]  Irene M. Y. Woon,et al.  Forthcoming: Journal of Information Privacy and Security , 2022 .

[51]  Sheng-Pao Shih,et al.  Investigate the Effects of Information Security Climate and Psychological Ownership on Information Security Policy Compliance , 2015, PACIS.

[52]  H. Raghav Rao,et al.  Protection motivation and deterrence: a framework for security policy compliance in organisations , 2009, Eur. J. Inf. Syst..