Peers matter: The moderating role of social influence on information security policy compliance

UNCG Author/Contributor (non-UNCG co-authors, if there are any, appear on document)
Zhiyong Yang, Professor and Department Head (Creator)
The University of North Carolina at Greensboro (UNCG )
Web Site:

Abstract: Information security in an organization largely depends on employee compliance with information security policy (ISP). Previous studies have mainly explored the effects of command-and-control and self-regulatory approaches on employee ISP compliance. However, how social influence at both individual and organizational levels impacts the effectiveness of these two approaches has not been adequately explored. This study proposes a social contingency model in which a rules-oriented ethical climate (employee perception of a rules-adherence environment) at the organizational level and susceptibility to interpersonal influence (employees observing common practices via peer interactions) at the individual level interact with both command-and-control and self-regulatory approaches to affect ISP compliance. Using employee survey data, we found that these two social influence factors weaken the effects of both command-and-control and self-regulatory approaches on ISP compliance. Theoretical and practical implications are also discussed.

Additional Information

Information Systems Journal, 30, 791–844
Language: English
Date: 2020
command-and-control approach, information security policy compliance, rules-oriented ethical climate, self-regulatory approach, susceptibility to interpersonal influence

Email this document to