Not all information security-related stresses are equal: the effects of challenge and hindrance stresses on employees' compliance with information security policies

Information security-related stresses (SRSs) are widely considered to play a negative role in the workplace, motivating employees' violation of information security policies (ISPs). However, researchers have neglected to challenge SRS and its role in promoting positive security actions. Therefore, this study aimed to explore the effect of both challenge and hindrance SRSs on employees' intention to comply with ISPs and the moderating mechanisms of regulatory focus in the relationship between SRSs and ISP compliance. Using survey data from 489 employees in Chinese enterprises, we applied a PLS-SEM method to test hypotheses. Our study found that the hindrance SRS had a negative effect on ISP compliance intention, differently, challenge SRS motivates employees to comply with ISPs. Our study also found prevention focus acted as a positive moderator in the relationship between hindrance SRS and compliance intention, while promotion focus had no effect on this relationship; Promotion focus positively moderated the relationship between challenge SRS and compliance intention, and prevention focus negatively moderated the relationship between challenge SRS and compliance intention. These findings provide new knowledge by examining the different effects and the boundary conditions to understand how two types of SRS influence employees' informaiton security dicisions.

Automated summary

The study found that hindrance SRS had a negative effect on employees' intention to comply with ISPs, while challenge SRS motivated employees to comply with ISPs. Prevention focus positively moderated the relationship between hindrance SRS and compliance intention, while promotion focus positively moderated the relationship between challenge SRS and compliance intention.