“真是浪费时间”:对网络安全合法性的审视

‘What a waste of time’: An examination of cybersecurity legitimacy

Information Systems Journal · 2023
被引 18
ABS 4

中文导读

研究引入员工对网络安全政策的合法性判断,通过三波调查发现负面合法性判断中介了管理支持与合规、以及不便与合规的关系,提醒管理者需让员工相信政策公平合理。

Abstract

Abstract Managers who oversee cybersecurity policies commonly rely on managerial encouragement (e.g., rewards) and employee characteristics (e.g., attitude) to drive compliant behaviour. However, whereas some cybersecurity initiatives are perceived as reasonable by employees, others are viewed as a ‘waste of time’. This research introduces employee judgements of cybersecurity legitimacy as a new angle for understanding employee compliance with cybersecurity policies over time. Drawing on theory from the organisational legitimacy and cybersecurity literature, we conduct a three‐wave survey of 529 employees and find that, for each separate wave, negative legitimacy judgements mediate the relationship between management support and compliance, as well as between cybersecurity inconvenience and compliance. Our results provide support for cybersecurity legitimacy as an important influence on employee compliance with cybersecurity initiatives. This is significant because it highlights to managers the importance of not simply expecting compliant employee behaviour to follow from the introduction of cybersecurity initiatives, but that employees need to be convinced that the initiatives are fair and reasonable. Interestingly, we did not find sufficient support for our expectation that the increased likelihood of a cybersecurity incident will moderate the legitimacy‐policy compliance relationship. This result suggests that the legitimacy perceptions of employees are unyielding to differences in the risk characteristics of the cybersecurity incidents facing organisations.

网络安全员工合规行为组织合法性管理支持心理学