Control-Related Motivations and Information Security Policy Compliance: The Role of Autonomy and Efficacy

UNCG Author/Contributor (non-UNCG co-authors, if there are any, appear on document)
Prashant Palvia, Joe Rosenthal Excellence Professor and Director of the McDowell Research Center for Global IT Management (Creator)
The University of North Carolina at Greensboro (UNCG )
Web Site:

Abstract: Employees' failures to follow information security policy can be costly to organizations, causing organizations to implement security controls to motivate secure behavior. Information security research has explored many control-related motivations (e.g., self-efficacy, response efficacy, and behavioral control) in the context of ISP compliance; however, the behavioral effects of perceptions of autonomous functioning are not well understood in security contexts. This paper examines employee autonomy as a control-related motivation from the lens of self-determination theory and psychological reactance theory. Self-determination theory is widely used in other disciplines to explain intrinsically driven behavior, but has not been applied to security research. Psychological reactance theory is also widely used, but is only beginning to receive attention in security research. Self-determination and psychological reactance offer complementary yet opposite conceptualizations of trait-based autonomy. This paper posits that perceptions of trait-based autonomy influence self-efficacy and response efficacy. Through a survey of government employees, we provide support for several hypotheses. We also discuss important directions for the use of self-determination theory and psychological reactance theory in future research.

Additional Information

Journal of Information Privacy & Security
Language: English
Date: 2013
Self-determination, reactance, efficacy, information security policy

Email this document to