The impact of awareness of being monitored on computer usage policy compliance: an agency view

Computer abuse by employees has increased the potential for security vulnerabilities for organizations. Organizations have established various security countermeasures to prevent computer abuse and protect organizational information. However, these policies are only effective if followed. Thus, it is important for organizations to understand the factors that motivate employees to follow computer usage polices. We investigate the impact of different countermeasures, such as perceived sanctions, and awareness of being monitored on compliance with computer usage policies by drawing upon agency theory and general deterrence theory. After testing the hypothesized relationships using survey data, the results indicate that perceived sanction severity and certainty significantly influence intention to comply with computer usage policies. Furthermore, awareness of being monitored is found to significantly impact penalties. Study results further indicate that penalties may be effective only to the extent that organizations can detect employees’ deviant behavior through managerial controls, such as computer monitoring

Impact of deterrence and inertia on information security policy changes

This study examines the impact of deterrence and inertia on information security policy changes. Corporations recognize the need to prioritize information security, which sometimes involves designing and implementing new security measures or policies. Using an online survey, we investigate the effect of deterrent sanctions and inertia on respondents’ intentions to comply with modifications to company information security policies. We find that certainty and celerity associated with deterrent sanctions increase compliance intentions, while inertia decreases respondents’ compliance intentions related to modified information security policies. Therefore, organizations must work to overcome employees’ reluctance to change in order to improve compliance with security policy modifications. They may also consider implementing certain and timely sanctions for noncompliance