Organizational and team culture as antecedents of protection motivation among IT employees

The rapid development of technology and information systems has led to higher information security related issues in an organization. The age of remote working (i.e., telecommuting) has further increased information security related incidents that need to be adequately addressed. This paper extends the protection motivation theory by drawing insights from organizational and institutional theory literature to examine how organizational culture and subcultures such as team culture impact information security compliance. The primary objective of this study is to understand the impact of the dimensions of organizational culture and team culture on employees' perceived threats and coping motivation associated with information security compliance. The study applied structural equation modeling to analyze survey responses of 341 IT employees in the United States. The result of the study indicates that both organization and team culture impacts employees' perception to appraise threat and coping, which in turn impacts behavioral intention to comply with information security policies. The findings of this study contribute to the information security compliance research by demonstrating the importance of developing an information security culture within an organization and its subgroups.Published by Elsevier Ltd. This is an open access article under the CC BY-NC-ND license ( http://creativecommons.org/licenses/by-nc-nd/4.0/ )

Automated summary

The rapid development of technology and information systems has led to an increase in information security related issues in organizations. The age of remote working has further heightened the need to address these incidents. This study examines the impact of organizational culture and team culture on employees' perceived threats and coping motivation in relation to information security compliance. The findings suggest that both organization and team culture influence employees' perception of threats and motivation to comply with information security policies.