The impact of an employee's psychological contract breach on compliance with information security policies: intrinsic and extrinsic motivation

TL;DR

This study examines how psychological contract breaches among employees decrease their compliance with information security policies, highlighting the importance of intrinsic motivation and addressing security risks.

Contribution

It introduces a model linking psychological contract breach to compliance intention, emphasizing the impact on intrinsic motivation within the context of IS security.

Findings

Higher PCB reduces compliance intention

PCBs diminish intrinsic motivation factors

No moderating effect of PCB on extrinsic motivation

Abstract

Despite the rapid rise in social engineering attacks, not all employees are as compliant with information security policies (ISPs) to the extent that organisations expect them to be. ISP non-compliance is caused by a variety of psychological motivation. This study investigates the effect of psychological contract breach (PCB) of employees on ISP compliance intention (ICI) by dividing them into intrinsic and extrinsic motivation using the theory of planned behaviour (TPB) and the general deterrence theory (GDT). Data analysis from UK employees (\textit{n=206}) showed that the higher the PCB, the lower the ICI. The study also found that PCBs significantly reduced intrinsic motivation (attitude and perceived fairness) for ICI, whereas PCBs did not moderate the relationship between extrinsic motivation (sanction severity and sanctions certainty) and ICI. As a result, this study successfully addresses the risks of PCBs in the field of IS security and proposes effective solutions for employees with high PCBs.