Employee responses to information security related stress: Coping and violation intention

Abstract Studies on employee responses to the information security policy (ISP) demands to show that employees who experience stress over the demands would resort to emotion‐focused coping to alleviate the stress and subsequently violate the ISP. However, their intent to engage in problem‐focused coping to meet the ISP demands and possibly reduce ISP violations has yet to be analysed. We argue that both types of coping responses coexist in employee responses to ISP demands and they together influence ISP violation intention. Drawing upon the Transactional Model of Stress and Coping, we examine how security‐related stress (SRS) triggers inward and outward emotion‐focused coping, and problem‐focused coping to the ISP demands, which together influence employee ISP violations. We also examine how ISP‐related self‐efficacy and organisational support moderate the effects of SRS on coping responses. We surveyed 200 employees in the United States to test our model. The results indicate that SRS triggers all three coping responses, and ISP‐related self‐efficacy and organisational support reduce the effects of SRS on inward and outward emotion‐focused coping. Problem‐focused coping then decreases ISP violation intention, whereas inward and outward emotion‐focused coping increases it. The model was further verified with ISP compliance as the outcome construct, which yielded consistent results. Understanding various coping responses to SRS and the factors that facilitate or inhibit the responses can assist managers in effectively designing and implementing the ISP to reduce employee ISP violations.