Motivating Employees to Comply with Information Security Policies

Employee noncompliance with Information Systems security policies is a serious computer security threat. Employees’ extensive knowledge of information systems, their access credentials, and the trust accorded them by their employers make them a potential threat to computer security. The importance of this phenomenon has led to a number of studies on the “insider threat.” However, research on employee compliance with IS security policies has focused mainly on the role of extrinsic motivation. Few studies have focused on the role of intrinsic motivation. This study fills this gap by building a theoretical model based on data using grounded theory methodology. Seed concepts from High Performance Work Systems (HPWS) were used to develop initial questions for structured interviews with employees from a variety of institutions. This theoretical model lays a framework for how organizations can intrinsically motivate their employees to comply with organizational information security policies.