To read this content please select one of the options below:

Ensuring employees' information security policy compliance by carrot and stick: the moderating roles of organizational commitment and gender

Chenhui Liu (School of Management, Xi'an Jiaotong University, Xi'an, China) (ERC for Process Mining of Manufacturing Services in Shaanxi Province, Xi'an, China)
Huigang Liang (Fogelman College of Business and Economics, University of Memphis, Memphis, Tennessee, USA)
Nengmin Wang (School of Management, Xi'an Jiaotong University, Xi'an, China) (ERC for Process Mining of Manufacturing Services in Shaanxi Province, Xi'an, China)
Yajiong Xue (College of Business, East Carolina University, Greenville, North Carolina, USA)

Information Technology & People

ISSN: 0959-3845

Article publication date: 12 March 2021

Issue publication date: 28 March 2022

1525

Abstract

Purpose

Employees’ information security policy (ISP) compliance exerts a significant strain on information security management. Drawing upon the compliance theory and control theory, this study attempts to examine the moderating roles of organizational commitment and gender in the relationships between reward/punishment expectancy and employees' ISP compliance.

Design/methodology/approach

Using survey data collected from 310 employees in Chinese organizations that have formally adopted information security policies, the authors applied the partial least square method to test hypotheses.

Findings

Punishment expectancy positively affects ISP compliance, but reward expectancy has no significant impact on ISP compliance. Compared with committed employees, both reward expectancy and punishment expectancy have stronger impacts on low-commitment employees' ISP compliance. As for gender differences, punishment expectancy exerts a stronger effect on females' ISP compliance than it does on males.

Originality/value

By investigating the moderating roles of organizational commitment and gender, this paper offers a deeper understanding of reward and punishment in the context of ISP compliance. The findings reveal that efforts in building organizational commitment will reduce the reliance on reward and punishment, and further controls rather than the carrot and stick should be applied to ensure male employees' ISP compliance.

Keywords

Acknowledgements

This research is supported by the National Natural Science Foundation of China under Grant 71732006 and the National Key R&D Program of China under Grant 2019YFB1704103.

Citation

Liu, C., Liang, H., Wang, N. and Xue, Y. (2022), "Ensuring employees' information security policy compliance by carrot and stick: the moderating roles of organizational commitment and gender", Information Technology & People, Vol. 35 No. 2, pp. 802-834. https://doi.org/10.1108/ITP-09-2019-0452

Publisher

:

Emerald Publishing Limited

Copyright © 2021, Emerald Publishing Limited

Related articles