Effects of individual and organization based beliefs and the moderating role of work experience on insiders’ good security behaviors

This research aims to identify the factors that drive an employee to comply with requirements of the Information Security Policy (ISP) with regard to protecting her organization’s information and technology resources. Two different research models are proposed for an employee’s individual based beliefs and organization based beliefs. An employee’s attitude is traced to its underlying foundational beliefs in each model, namely, benefit of compliance, cost of non-compliance, and cost of compliance, which are beliefs that represent the perceived effects of compliance or non-compliance. It is also postulated that these beliefs along with an employee’s attitude are affected by her Information Security Awareness (ISA). Besides the structural model testing of individual and organizational models of compliance, the moderating role of an employee’s work experience is investigated. Our results show that, while individual benefit of compliance and cost of compliance are not significant in the low experience group, all individual based beliefs are significant in the high experience group. Similarly, organizational benefit of compliance is not significant in the low experience group, while all organization based beliefs are significant in the high experience group. Furthermore, ISA is found to affect an employee’s attitude and all her individual and organization based beliefs. As organizations strive to get their employees to follow their information security rules and regulations, our study mainly sheds light on the moderating role of an employee’s work experience in changing the strength of individual and organization based beliefs on employees’ attitude as well as her ISA.