Hits:
Indexed by:Journal Papers
Date of Publication:2019-08-05
Journal:INFORMATION TECHNOLOGY & PEOPLE
Included Journals:SSCI
Volume:32
Issue:4
Page Number:973-992
ISSN No.:0959-3845
Key Words:Moral disengagement; Information security behaviour; Information security policy violation; Organizational ethical climate
Abstract:Purpose The purpose of this paper is to develop a model that integrates moral disengagement (MD) and organizational ethical climate (OEC) to understand information security policy (ISP) violation behavior in the workplace. This study extends prior work by identifying the moderating mechanisms of the ethical culture of OECs in the relationship between employees' MD and ISP violation behavior intention. Design/methodology/approach By using scenario-based survey data from 433 employees in Chinese enterprises and by applying PLS-based structural equation modeling, the authors test a series of hypotheses. Findings Our empirical results highlight that the concept of MD has a significant effect on employees' intention to violate ISPs. The authors also find that the OEC has a moderating role in the relationship between MD and ISP violation intention: the moderating role of law-and-rule-oriented OEC is significantly negative, but instrumentalism-oriented OEC positively moderates this relationship. Originality/value This study contributes to the literature on information security behavior by integrating two ethical theory frameworks MD and OECs into one theoretical model, and it calls attention to how ethical factors at the individual cognition level and organizational climate level work together to influence personal information security behavior. This study provides a new perspective of OEC from which to understand policy violation caused by moral self-regulation failure, and empirically explores its moderating role.