Employment status and information security policy compliance

More and more companies have been increasing the flexibility of their labor force. However, labor forces with different employee positions within the organization bring different stakes and level of commitment. This is particularly true with temporary employees who have little reason to be committed towards their organization.

Complying with the security policies requires time and effort that could have been used in other primary tasks of the employees. Thus, complying is often perceived as a response cost that is a barrier to productivity. Similarly, the end users and the employees are more likely to perceive an IT threat as avoidable by taking a safeguarding measure when the costs associated with this measure is low.

Two theoretical keys have been used by the authors in this article: Organizational commitment and Perceived organizational support. Organization commitment refers to employee’s attachment to the organization. An employee’s level of commitment towards an organizational will determine his intentions to follow security policies. In the presence of organizational commitment, an employee is more than willing to invest time, money, or effort to remain committed towards organization’s policy. Employees have a general expectation that their organization values their contribution. Thus, Perceived Organizational support strengthens the belief that the organization recognizes, and rewards expected behavior, which in return encourages employees to be dedicated and loyal to the organization and its goal.

In this article, the authors focused on how employment position such as contract/part-time or permanent shapes the organizational commitment of employees and affects their perception of severity, certainty, and celerity of punishment.

The findings of this study showed that the perceived response costs have a significant impact on the intention to comply with security policies. This suggests that the costs individuals perceive to comply with information security policy are significant enough to make an important difference on whether or not to comply with the organization’s security policy. The results also showed that organizational commitment positively impacts employee’s intention to comply with security policies.

Regarding employment status, the results indicate that the intention to comply would be stronger among permanent employees than temporary employees. Permanent employees tend to have a higher psychological investment in the organization and thus, a higher commitment to comply. Also, the perceived organizational support would be stronger among permanent employees than temporary employees. When an employee believes that the organization supports and values his contribution, then he is willing to put extra effort beyond required by the organization.

By highlighting the impact of organizational commitment and perceived organization support on employee’s information security policy compliance, this article can help organizations understand the need of appropriate vetting and security clearance of employees working with data and information.


Cite: Sharma, S. &  Warkentin, M. (2019). Do I really belong? Impact of employment status on information security policy compliance. Computers & Security, 87.