This study aims to examine the dual pathways of leadership power bases and misuse deterrent motivational factors for insider intentions to comply with information security policies (ISPs). Investigating both leadership and misuse deterrent factors is necessary because they capture complementary intrinsic and extrinsic pathways through which organisations influence behaviour, enabling a more comprehensive understanding of information security policy compliance (ISPC) than examining either pathway in isolation.
Using the Theory of Planned Behaviour (TPB) and behavioural information security research, this study uses a quantitative research design based on survey data collected from 210 organisational insiders across diverse organisations.
The study indicates that insiders’ ISPC intentions are shaped by both leadership and motivational factors. Referent and legitimate power bases were found to influence compliance intentions indirectly through socio-cognitive factors, whereas coercive, reward and expert power bases had no significant effect. In addition, perceived legitimacy of ISPs and value congruence were found to influence compliance intentions through employees’ attitudes.
Due to the relatively small sample size and the predominance of South African participants, the results may not be fully generalizable to broader or more diverse populations.
This study contributes to the behavioural information security literature by empirically integrating leadership power bases into models of insider compliance. From a practical perspective, the findings suggest that organisations can mitigate insider threats more effectively by fostering legitimacy and relationship-based leadership approaches rather than relying primarily on sanctions or incentives.
This study contributes to the behavioural information security literature by empirically integrating leadership power bases into models of insider compliance.
The proposed research model offers a novel contribution by examining how leadership power bases and misuse-deterrent pathways shape compliance-related socio-cognitive beliefs, including attitudes towards ISPs, self-efficacy and subjective norms.
