File Download

There are no files associated with this item.

  Links for fulltext
     (May Require Subscription)
Supplementary

Article: Leveraging fairness and reactance theories to deter reactive computer abuse following enhanced organisational information security policies: An empirical study of the influence of counterfactual reasoning and organisational trust

TitleLeveraging fairness and reactance theories to deter reactive computer abuse following enhanced organisational information security policies: An empirical study of the influence of counterfactual reasoning and organisational trust
Authors
KeywordsFairness theory (FT)
Security education, training, and awareness (SETA)
Security
Reactive computer abuse (CA)
Reactance theory (RT)
Organisational trust
Organisation communication
Explanation adequacy (EA)
Deterrence theory (DT)
Deterrence
Counterfactual reasoning
Issue Date2015
Citation
Information Systems Journal, 2015, v. 25, n. 3, p. 193-273 How to Cite?
Abstract© 2015 Wiley Publishing Ltd.Research shows that organisational efforts to protect their information assets from employee security threats do not always reach their full potential and may actually encourage the behaviours they attempt to thwart, such as reactive computer abuse (CA). To better understand this dilemma, we use fairness theory (FT) and reactance theory (RT) to explain why employees may blame organisations for and retaliate against enhanced information security policies (ISPs). We tested our model with 553 working professionals and found support for most of it. Our results show that organisational trust can decrease reactive CA. FT suggests that explanation adequacy (EA) is an important factor that builds trust after an event. Our results also suggest that trust both fully mediates the relationship between EA and CA and partially mediates the relationship between perceived freedom restrictions related to enhanced ISPs and reactive CA. EA also had a strong negative relationship with freedom restrictions. Moreover, organisational security education, training and awareness (SETA) initiatives decreased the perceptions of external control and freedom restrictions and increased EA, and advance notification of changes increased EA. We also included 14 control variables and rival explanations to determine with more confidence what drove reactive CA in our context. Notably, the deterrence theory (DT)-based constructs of sanction severity, certainty and celerity had no significant influence on reactive CA. We provide support for the importance of respectful communication efforts and SETA programmes, coupled with maximising employee rights and promoting trust and fairness to decrease reactive CA. These efforts can protect organisations from falling victim to their own organisational security efforts.
Persistent Identifierhttp://hdl.handle.net/10722/233748
ISSN
2015 Impact Factor: 2.522
2015 SCImago Journal Rankings: 1.575

 

DC FieldValueLanguage
dc.contributor.authorLowry, Paul Benjamin-
dc.contributor.authorPosey, Clay-
dc.contributor.authorBennett, Rebecca (Becky) J-
dc.contributor.authorRoberts, Tom L.-
dc.date.accessioned2016-09-27T07:21:32Z-
dc.date.available2016-09-27T07:21:32Z-
dc.date.issued2015-
dc.identifier.citationInformation Systems Journal, 2015, v. 25, n. 3, p. 193-273-
dc.identifier.issn1350-1917-
dc.identifier.urihttp://hdl.handle.net/10722/233748-
dc.description.abstract© 2015 Wiley Publishing Ltd.Research shows that organisational efforts to protect their information assets from employee security threats do not always reach their full potential and may actually encourage the behaviours they attempt to thwart, such as reactive computer abuse (CA). To better understand this dilemma, we use fairness theory (FT) and reactance theory (RT) to explain why employees may blame organisations for and retaliate against enhanced information security policies (ISPs). We tested our model with 553 working professionals and found support for most of it. Our results show that organisational trust can decrease reactive CA. FT suggests that explanation adequacy (EA) is an important factor that builds trust after an event. Our results also suggest that trust both fully mediates the relationship between EA and CA and partially mediates the relationship between perceived freedom restrictions related to enhanced ISPs and reactive CA. EA also had a strong negative relationship with freedom restrictions. Moreover, organisational security education, training and awareness (SETA) initiatives decreased the perceptions of external control and freedom restrictions and increased EA, and advance notification of changes increased EA. We also included 14 control variables and rival explanations to determine with more confidence what drove reactive CA in our context. Notably, the deterrence theory (DT)-based constructs of sanction severity, certainty and celerity had no significant influence on reactive CA. We provide support for the importance of respectful communication efforts and SETA programmes, coupled with maximising employee rights and promoting trust and fairness to decrease reactive CA. These efforts can protect organisations from falling victim to their own organisational security efforts.-
dc.languageeng-
dc.relation.ispartofInformation Systems Journal-
dc.subjectFairness theory (FT)-
dc.subjectSecurity education, training, and awareness (SETA)-
dc.subjectSecurity-
dc.subjectReactive computer abuse (CA)-
dc.subjectReactance theory (RT)-
dc.subjectOrganisational trust-
dc.subjectOrganisation communication-
dc.subjectExplanation adequacy (EA)-
dc.subjectDeterrence theory (DT)-
dc.subjectDeterrence-
dc.subjectCounterfactual reasoning-
dc.titleLeveraging fairness and reactance theories to deter reactive computer abuse following enhanced organisational information security policies: An empirical study of the influence of counterfactual reasoning and organisational trust-
dc.typeArticle-
dc.description.natureLink_to_subscribed_fulltext-
dc.identifier.doi10.1111/isj.12063-
dc.identifier.scopuseid_2-s2.0-84926407439-
dc.identifier.volume25-
dc.identifier.issue3-
dc.identifier.spage193-
dc.identifier.epage273-
dc.identifier.eissn1365-2575-

Export via OAI-PMH Interface in XML Formats


OR


Export to Other Non-XML Formats