IDEAS home Printed from https://ideas.repec.org/a/pal/palcom/v12y2025i1d10.1057_s41599-025-04718-x.html
   My bibliography  Save this article

Boosting employee information security compliance: the contingent roles of task–technology and person–organization fits

Author

Listed:
  • Inho Hwang

    (Kookmin University)

  • Ribin Seo

    (Soongsil University)

  • Sungho Hu

    (Korea University)

Abstract

In the domain of information security (IS) management, the influence of individual behavior on organizational security has garnered considerable attention, underscored by a dynamically evolving technological landscape. Research to date extensively highlights the necessity of understanding individual roles yet consistently overlooks the complexities of how individual IS policy awareness, threat perception, and compliance behavior intricately intertwine, especially when aligned with organizational needs. This study uniquely addresses these complexities by integrating the concepts of task-technology fit (TTF) and person-organization fit (POF), which are crucial for strategic alignment between individual capabilities and organizational IS frameworks. Our investigation focuses on how TTF and POF are moderators in the relationship between IS policy awareness, threat perception, and compliance behavior. Analyzing survey data from 526 employees across various industries demonstrates that a heightened awareness of IS policies significantly boosts threat perception, fostering more robust compliance behaviors. More critically, our findings reveal that TTF substantially amplifies the influence of policy awareness on threat perception, while POF enhances the transition from threat perception to compliance behavior. These results underscore the importance of contextual factors in shaping effective IS management strategies. This research contributes novel insights into the interplay between individual behaviors and organizational contexts, significantly enriching the discourse in IS management. By demonstrating the pivotal roles of TTF and POF, our study provides a deeper understanding of these dynamics and offers practical guidance for organizations, equipping them with the knowledge to design more effective IS strategies. Including TTF and POF in designing IS strategies is vital in minimizing human-error-related security breaches, thereby strengthening the overall IS posture of organizations. This highlights an urgent need for IS frameworks that not only address but integrate these critical alignment factors, reinforcing the importance of our findings in the broader context of IS management.

Suggested Citation

  • Inho Hwang & Ribin Seo & Sungho Hu, 2025. "Boosting employee information security compliance: the contingent roles of task–technology and person–organization fits," Palgrave Communications, Palgrave Macmillan, vol. 12(1), pages 1-13, December.
    • Handle: RePEc:pal:palcom:v:12:y:2025:i:1:d:10.1057_s41599-025-04718-x
    DOI: 10.1057/s41599-025-04718-x
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1057/s41599-025-04718-x
    File Function: Abstract
    Download Restriction: Access to full text is restricted to subscribers.
    File URL: https://libkey.io/10.1057/s41599-025-04718-x?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to

    for a different version of it.

    References listed on IDEAS

    as
    1. Mari Karjalainen & Mikko Siponen & Petri Puhakainen & Suprateek Sarker, 2020. "Universal and Culture-dependent Employee Compliance of Information Systems Security Procedures," Journal of Global Information Technology Management, Taylor & Francis Journals, vol. 23(1), pages 5-24, January.
    2. John D'Arcy & Anat Hovav & Dennis Galletta, 2009. "User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach," Information Systems Research, INFORMS, vol. 20(1), pages 79-98, March.
    3. Liu, Chenhui & Wang, Nengmin & Liang, Huigang, 2020. "Motivating information security policy compliance: The critical role of supervisor-subordinate guanxi and organizational commitment," International Journal of Information Management, Elsevier, vol. 54(C).
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Yan Chen & Dennis F. Galletta & Paul Benjamin Lowry & Xin (Robert) Luo & Gregory D. Moody & Robert Willison, 2021. "Understanding Inconsistent Employee Compliance with Information Security Policies Through the Lens of the Extended Parallel Process Model," Information Systems Research, INFORMS, vol. 32(3), pages 1043-1065, September.
    2. Hemin Jiang & Mikko Siponen & Zhenhui (Jack) Jiang & Aggeliki Tsohou, 2024. "The Impacts of Internet Monitoring on Employees’ Cyberloafing and Organizational Citizenship Behavior: A Longitudinal Field Quasi-Experiment," Information Systems Research, INFORMS, vol. 35(3), pages 1175-1194, September.
    3. Kumju Hwang & Hyemi Um, 2021. "Social Controls and Bonds of Public Information Consumer on Sustainable Utilization and Provision for Computing," Sustainability, MDPI, vol. 13(9), pages 1-20, May.
    4. Jae Kyu Lee & Younghoon Chang & Hun Yeong Kwon & Beopyeon Kim, 2020. "Reconciliation of Privacy with Preventive Cybersecurity: The Bright Internet Approach," Information Systems Frontiers, Springer, vol. 22(1), pages 45-57, February.
    5. Eric Jardine, 2020. "The Case against Commercial Antivirus Software: Risk Homeostasis and Information Problems in Cybersecurity," Risk Analysis, John Wiley & Sons, vol. 40(8), pages 1571-1588, August.
    6. Rao Faizan Ali & P.D.D. Dominic & Kashif Ali, 2020. "Organizational Governance, Social Bonds and Information Security Policy Compliance: A Perspective towards Oil and Gas Employees," Sustainability, MDPI, vol. 12(20), pages 1-27, October.
    7. V. S. Prakash Attili & Saji K. Mathew & Vijayan Sugumaran, 2022. "Information Privacy Assimilation in IT Organizations," Information Systems Frontiers, Springer, vol. 24(5), pages 1497-1513, October.
    8. A. J. Burns & Clay Posey & James F. Courtney & Tom L. Roberts & Prabhashi Nanayakkara, 2017. "Organizational information security as a complex adaptive system: insights from three agent-based models," Information Systems Frontiers, Springer, vol. 19(3), pages 509-524, June.
    9. Silva, Leiser & Hsu, Carol & Backhouse, James & McDonnell, Aidan, 2016. "Resistance and power in a security certification scheme: the case of c:cure," LSE Research Online Documents on Economics 68348, London School of Economics and Political Science, LSE Library.
    10. Sumantra Sarkar & Anthony Vance & Balasubramaniam Ramesh & Menelaos Demestihas & Daniel Thomas Wu, 2020. "The Influence of Professional Subculture on Information Security Policy Violations: A Field Study in a Healthcare Context," Information Systems Research, INFORMS, vol. 31(4), pages 1240-1259, December.
    11. Zhang, Jinsui & Hu, Min & Jia, Yusheng & Gu, Yuanyuan & Chen, Wen, 2024. "How should regulatory schemes be optimized to enhance deterrence against medical insurance fraud by enrollees? Evidence from a discrete choice experiment in China," Social Science & Medicine, Elsevier, vol. 354(C).
    12. Debabrata Dey & Abhijeet Ghoshal & Atanu Lahiri, 2022. "Circumventing Circumvention: An Economic Analysis of the Role of Education and Enforcement," Management Science, INFORMS, vol. 68(4), pages 2914-2931, April.
    13. Son, Jai-Yeol & Park, Jongpil, 2016. "Procedural justice to enhance compliance with non-work-related computing (NWRC) rules: Its determinants and interaction with privacy concerns," International Journal of Information Management, Elsevier, vol. 36(3), pages 309-321.
    14. Jack Shih-Chieh Hsu & Sheng-Pao Shih & Yu Wen Hung & Paul Benjamin Lowry, 2015. "The Role of Extra-Role Behaviors and Social Controls in Information Security Policy Effectiveness," Information Systems Research, INFORMS, vol. 26(2), pages 282-300, June.
    15. Fariborz Farahmand & Eugene H. Spafford, 2013. "Understanding insiders: An analysis of risk-taking behavior," Information Systems Frontiers, Springer, vol. 15(1), pages 5-15, March.
    16. Mengmeng Song & Joseph Ugrin & Man Li & Jinnan Wu & Shanshan Guo & Wenpei Zhang, 2021. "Do Deterrence Mechanisms Reduce Cyberloafing When It Is an Observed Workplace Norm? A Moderated Mediation Model," IJERPH, MDPI, vol. 18(13), pages 1-16, June.
    17. Chang-Gyu Yang & Hee-Jun Lee, 2016. "A study on the antecedents of healthcare information protection intention," Information Systems Frontiers, Springer, vol. 18(2), pages 253-263, April.
    18. Carol Hsu & Jae-Nam Lee & Detmar W. Straub, 2012. "Institutional Influences on Information Systems Security Innovations," Information Systems Research, INFORMS, vol. 23(3-part-2), pages 918-939, September.
    19. Gabriel Abu-Tayeh & Oliver Neumann & Matthias Stuermer, 2018. "Exploring the Motives of Citizen Reporting Engagement: Self-Concern and Other-Orientation," Business & Information Systems Engineering: The International Journal of WIRTSCHAFTSINFORMATIK, Springer;Gesellschaft für Informatik e.V. (GI), vol. 60(3), pages 215-226, June.
    20. A. J. Burns & Clay Posey & James F. Courtney & Tom L. Roberts & Prabhashi Nanayakkara, 0. "Organizational information security as a complex adaptive system: insights from three agent-based models," Information Systems Frontiers, Springer, vol. 0, pages 1-16.

    More about this item

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:pal:palcom:v:12:y:2025:i:1:d:10.1057_s41599-025-04718-x. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: https://www.nature.com/ .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.