Information Systems Protection Motivation with Ethical Appraisals

Authors

Dailin Zheng, San Jose State UniversityFollow
Zhiping Walter, University of Colorado Denver

Publication Date

1-1-2025

Document Type

Article

Publication Title

Journal of Computer Information Systems

DOI

10.1080/08874417.2025.2510421

Abstract

Employee noncompliance with information systems security policies (ISSPs) is a major cause of organizational data breaches. Protection motivation theory (PMT) has been widely used to model ISSP compliance intention. However, the explanatory power of PMT-based models is lower in workplace settings than in personal settings. We propose that this is due to not modeling the moral hazard caused by cost-consequence misalignment, that is, it is the employee who bears compliance cost, but it is the organization that bears the consequences of noncompliance. We modified PMT with moral intensity appraisal to account for additional cognitive appraisals salient when moral hazard arises. Our model accounts for an additional ten percentage variance in compliance intention compared with PMT. Results highlight the role of employee proximity to the organization in ISSP compliance. We propose concrete measures that have the potential to minimize the cost-consequence misalignment and moral hazard in compliance and thereby decreasing noncompliance.

Keywords

ethical decision-making, ISSP compliance, moral hazard, moral intensity, protection motivation theory

Department

Information Systems and Technology

Recommended Citation

Dailin Zheng and Zhiping Walter. "Information Systems Protection Motivation with Ethical Appraisals" Journal of Computer Information Systems (2025). https://doi.org/10.1080/08874417.2025.2510421