A path way to successful management of individual intention to security compliance: A role of organizational security climate

While organizations are making a considerable effort to leverage formal and informal control mechanisms (e.g., policies, procedures, organizational culture) to improve security, their impact and effectiveness is under scrutiny as employees seldom comply with information security procedures. Drawing upon Griffin and Neal’s safety climate and performance model, we develop an information security climate model of security policy compliance. With 581 responses collected through a survey of IT users in South Korea, the results strongly support the fundamental proposition that the information security climate has significant positive influence on the intention of the security policy compliance. The study also reveals that the security climate nurtures the employee’s organizational commitment, which in turn shapes favorable attitude towards the compliance of information security and controls the perceived cost of security compliance at the same time. Overall, the findings support our view that various organizational efforts towards information security collectively create the fertile environment where an organizational member is transformed from a security threat to a security asset.