Examining the role of stress and information security policy design in information security compliance behaviour: An experimental study of in-task behaviour

Based on the transactional theory of stress, the study sets out to explore the relationship between occupational stress, information security policy (ISP) designs, and security behaviour. Results from an in-basket experiment reveal that stress elicited by time constraints leads to ISP non-compliance behaviour in the workplace. In addition, the results of the study show that punishment can buffer the effect of perceived stress on ISP non-compliance. While existing research on stress and ISP compliance focus on stress induced by security requirements, our study extends these findings by providing insights how stressful work environments and ISP designs shape ISP compliance behaviour. (C) 2021 Elsevier Ltd. All rights reserved.

Automated summary

This study explores the relationship between occupational stress, information security policy designs, and security behavior, finding that time constraints can lead to non-compliance with ISP and that punishment can mitigate the effects of stress on ISP non-compliance. Additionally, the study extends previous findings by examining how stressful work environments and ISP designs shape compliance behavior.