The role of ethical climates in employee information security policy violations

In the context of information security, the organizational social environment plays an important role in deterring employee violations of the Information Security Policy (ISP). As extant research has not yet determined the role ethical climates may play, this study seeks to understand their influenc...

Full description

Saved in:
Bibliographic Details
Published in:Decision Support Systems 2024-02, Vol.177, p.114086, Article 114086
Main Authors: Yazdanmehr, Adel, Jawad, Muhammad, Benbunan-Fich, Raquel, Wang, Jingguo
Format: Article
Language:English
Subjects:
Friendship-oriented ethical climate
Information security policy violation
Organizational ethical climate
Profit-oriented ethical climate
Rules-oriented ethical climate
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:In the context of information security, the organizational social environment plays an important role in deterring employee violations of the Information Security Policy (ISP). As extant research has not yet determined the role ethical climates may play, this study seeks to understand their influence on employee ISP violations. To this end, we classified ISPs into two major categories: those related to communal information technology (IT) resources in the organization, such as databases or software applications, and those related to connective IT resources, such as email or Internet access. Then, we explored how rules-, performance-, and friendship-oriented organizational ethical climates affect ISP violations. Based on a survey of 177 professionals employed in the United States, we found that rules-oriented and friendship-oriented ethical climates deter ISP violations, whereas a performance-oriented one does not. Moreover, rules- and friendship-oriented ethical climates lead to fewer communal ISP violations, while performance-oriented ethical climates lead to more connectivity ISP violations. These findings underscore the importance of considering the type of IT resources that an ISP aims to protect as well as the ethical climate of an organization in order to better understand the causes of ISP violations. •The study examines the influence of ethical climates on employee violations of Information Security Policy (ISP) in information security context.•The study classified ISP violations to communal and connective IT resources and tested various ethical climates effect on these violations.•The study found that rules-based and friendship-based ethical climates deter ISP violations, while a profit-based one does not.
ISSN:0167-9236
DOI:10.1016/j.dss.2023.114086