IDEAS home Printed from https://ideas.repec.org/a/pal/palcom/v12y2025i1d10.1057_s41599-025-04718-x.html
   My bibliography  Save this article

Boosting employee information security compliance: the contingent roles of task–technology and person–organization fits

Author

Listed:
  • Inho Hwang

    (Kookmin University)

  • Ribin Seo

    (Soongsil University)

  • Sungho Hu

    (Korea University)

Abstract

In the domain of information security (IS) management, the influence of individual behavior on organizational security has garnered considerable attention, underscored by a dynamically evolving technological landscape. Research to date extensively highlights the necessity of understanding individual roles yet consistently overlooks the complexities of how individual IS policy awareness, threat perception, and compliance behavior intricately intertwine, especially when aligned with organizational needs. This study uniquely addresses these complexities by integrating the concepts of task-technology fit (TTF) and person-organization fit (POF), which are crucial for strategic alignment between individual capabilities and organizational IS frameworks. Our investigation focuses on how TTF and POF are moderators in the relationship between IS policy awareness, threat perception, and compliance behavior. Analyzing survey data from 526 employees across various industries demonstrates that a heightened awareness of IS policies significantly boosts threat perception, fostering more robust compliance behaviors. More critically, our findings reveal that TTF substantially amplifies the influence of policy awareness on threat perception, while POF enhances the transition from threat perception to compliance behavior. These results underscore the importance of contextual factors in shaping effective IS management strategies. This research contributes novel insights into the interplay between individual behaviors and organizational contexts, significantly enriching the discourse in IS management. By demonstrating the pivotal roles of TTF and POF, our study provides a deeper understanding of these dynamics and offers practical guidance for organizations, equipping them with the knowledge to design more effective IS strategies. Including TTF and POF in designing IS strategies is vital in minimizing human-error-related security breaches, thereby strengthening the overall IS posture of organizations. This highlights an urgent need for IS frameworks that not only address but integrate these critical alignment factors, reinforcing the importance of our findings in the broader context of IS management.

Suggested Citation

  • Inho Hwang & Ribin Seo & Sungho Hu, 2025. "Boosting employee information security compliance: the contingent roles of task–technology and person–organization fits," Palgrave Communications, Palgrave Macmillan, vol. 12(1), pages 1-13, December.
    • Handle: RePEc:pal:palcom:v:12:y:2025:i:1:d:10.1057_s41599-025-04718-x
    DOI: 10.1057/s41599-025-04718-x
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1057/s41599-025-04718-x
    File Function: Abstract
    Download Restriction: Access to full text is restricted to subscribers.
    File URL: https://libkey.io/10.1057/s41599-025-04718-x?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Mari Karjalainen & Mikko Siponen & Petri Puhakainen & Suprateek Sarker, 2020. "Universal and Culture-dependent Employee Compliance of Information Systems Security Procedures," Journal of Global Information Technology Management, Taylor & Francis Journals, vol. 23(1), pages 5-24, January.
    2. John D'Arcy & Anat Hovav & Dennis Galletta, 2009. "User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach," Information Systems Research, INFORMS, vol. 20(1), pages 79-98, March.
    3. Liu, Chenhui & Wang, Nengmin & Liang, Huigang, 2020. "Motivating information security policy compliance: The critical role of supervisor-subordinate guanxi and organizational commitment," International Journal of Information Management, Elsevier, vol. 54(C).
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Yan Chen & Dennis F. Galletta & Paul Benjamin Lowry & Xin (Robert) Luo & Gregory D. Moody & Robert Willison, 2021. "Understanding Inconsistent Employee Compliance with Information Security Policies Through the Lens of the Extended Parallel Process Model," Information Systems Research, INFORMS, vol. 32(3), pages 1043-1065, September.
    2. Kumju Hwang & Hyemi Um, 2021. "Social Controls and Bonds of Public Information Consumer on Sustainable Utilization and Provision for Computing," Sustainability, MDPI, vol. 13(9), pages 1-20, May.
    3. Jae Kyu Lee & Younghoon Chang & Hun Yeong Kwon & Beopyeon Kim, 2020. "Reconciliation of Privacy with Preventive Cybersecurity: The Bright Internet Approach," Information Systems Frontiers, Springer, vol. 22(1), pages 45-57, February.
    4. Eric Jardine, 2020. "The Case against Commercial Antivirus Software: Risk Homeostasis and Information Problems in Cybersecurity," Risk Analysis, John Wiley & Sons, vol. 40(8), pages 1571-1588, August.
    5. Silva, Leiser & Hsu, Carol & Backhouse, James & McDonnell, Aidan, 2016. "Resistance and power in a security certification scheme: the case of c:cure," LSE Research Online Documents on Economics 68348, London School of Economics and Political Science, LSE Library.
    6. Sumantra Sarkar & Anthony Vance & Balasubramaniam Ramesh & Menelaos Demestihas & Daniel Thomas Wu, 2020. "The Influence of Professional Subculture on Information Security Policy Violations: A Field Study in a Healthcare Context," Information Systems Research, INFORMS, vol. 31(4), pages 1240-1259, December.
    7. Mengmeng Song & Joseph Ugrin & Man Li & Jinnan Wu & Shanshan Guo & Wenpei Zhang, 2021. "Do Deterrence Mechanisms Reduce Cyberloafing When It Is an Observed Workplace Norm? A Moderated Mediation Model," IJERPH, MDPI, vol. 18(13), pages 1-16, June.
    8. Chang-Gyu Yang & Hee-Jun Lee, 2016. "A study on the antecedents of healthcare information protection intention," Information Systems Frontiers, Springer, vol. 18(2), pages 253-263, April.
    9. Carol Hsu & Jae-Nam Lee & Detmar W. Straub, 2012. "Institutional Influences on Information Systems Security Innovations," Information Systems Research, INFORMS, vol. 23(3-part-2), pages 918-939, September.
    10. A. J. Burns & Clay Posey & James F. Courtney & Tom L. Roberts & Prabhashi Nanayakkara, 0. "Organizational information security as a complex adaptive system: insights from three agent-based models," Information Systems Frontiers, Springer, vol. 0, pages 1-16.
    11. Warut Khern-am-nuai & Matthew J. Hashim & Alain Pinsonneault & Weining Yang & Ninghui Li, 2023. "Augmenting Password Strength Meter Design Using the Elaboration Likelihood Model: Evidence from Randomized Experiments," Information Systems Research, INFORMS, vol. 34(1), pages 157-177, March.
    12. Verena Wolf & Christian Bartelheimer & Daniel Beverungen, 2020. "Workarounds as Generative Mechanisms for Restructuring and Redesigning Organizations - Insights from a Multiple Case Study," Working Papers Dissertations 68, Paderborn University, Faculty of Business Administration and Economics.
    13. A. J. Burns & Tom L. Roberts & Clay Posey & Paul Benjamin Lowry & Bryan Fuller, 2023. "Going Beyond Deterrence: A Middle-Range Theory of Motives and Controls for Insider Computer Abuse," Information Systems Research, INFORMS, vol. 34(1), pages 342-362, March.
    14. Olfa Ismail, 2022. "Designing Information Security Culture Artifacts to Improve Security Behavior: An Evaluation in SMEs [Conception des artefacts de culture de sécurité de l'information pour améliorer les comportemen," Post-Print hal-04215032, HAL.
    15. Steinbart, Paul John & Raschke, Robyn L. & Gal, Graham & Dilla, William N., 2012. "The relationship between internal audit and information security: An exploratory investigation," International Journal of Accounting Information Systems, Elsevier, vol. 13(3), pages 228-243.
    16. Robert E. Crossler & France Bélanger & Dustin Ormond, 2019. "The quest for complete security: An empirical analysis of users’ multi-layered protection from security threats," Information Systems Frontiers, Springer, vol. 21(2), pages 343-357, April.
    17. Huigang Liang & Yajiong Xue & Liansheng Wu, 2013. "Ensuring Employees' IT Compliance: Carrot or Stick?," Information Systems Research, INFORMS, vol. 24(2), pages 279-294, June.
    18. Kabiru Maitama Kura & Faridahwati Mohd. Shamsudin & Ajay Chauhan, 2015. "Does Self-Regulatory Efficacy Matter? Effects of Punishment Certainty and Punishment Severity on Organizational Deviance," SAGE Open, , vol. 5(2), pages 21582440155, June.
    19. Dayangku Horiah Awang Gani & Assoc. Prof. Dr. Irwan Kamaruddin Abdul Kadir & Assoc. Prof Ts. Dr. Mohd Razilan Abdul Kadir, 2024. "Analyzing Rejected Hypotheses in Information System Effectiveness of Electronic Document Management System," International Journal of Research and Innovation in Social Science, International Journal of Research and Innovation in Social Science (IJRISS), vol. 8(12), pages 4101-4108, December.
    20. Binglong Zheng & Daniel Tse & Jiajing Ma & Xuanyi Lang & Yinli Lu, 2023. "An Empirical Study of SETA Program Sustaining Educational Sector’s Information Security vs. Information Systems Misuse," Sustainability, MDPI, vol. 15(17), pages 1-17, August.

    More about this item

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:pal:palcom:v:12:y:2025:i:1:d:10.1057_s41599-025-04718-x. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: https://www.nature.com/ .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.