Promoting Security Behaviors in Remote Work Environments: Personal Values Shaping Information Security Policy Compliance

Cybersecurity threats and information security policy (ISP) compliance are critical concerns for organizations. The recent trend of working from home has made individual characteristics more relevant in fostering ISP compliance. Whereas extant research has theorized and offered alternatives to induce ISP compliance, most studies have failed to consider the differences between onsite and remote workers to motivate compliance with ISPs and have instead focused on standard interventions without considering personal characteristics. One of the few models including factors related to individuals’ characteristics is the unified model of information security policy compliance (UMISPC). This paper extends the UMISPC by drawing on Schwartz’s universal theory of personal values. We propose the values construct as a robust representation of an individual’s motivations to comply with an ISP. We confirm that personal values are significant predictors of compliance with ISPs. Furthermore, a comparison between onsite and remote workers suggests that personal values are more relevant in remote work settings. Our findings shed light on the values and individual characteristics that are important motivators for ISP compliance and how they differ for onsite and remote workers. Our results suggest that people’s personal motivations should be considered in promoting organizations’ ISPs and that organizations’ interventions should be tailored by understanding what values motivate or hinder ISP compliance.