Motivating information security policy compliance: The critical role of supervisor-subordinate guanxi and organizational commitment

Abstract Employees’ non-compliance with organizational information security policy (ISP) when using informational resources has become the main reason for continuous security incidents. Drawing upon technology threat avoidance theory (TTAT) and social exchange theory (SET), our study investigates the influence of supervisor-subordinate guanxi (SSG) and organizational commitment in the information security management. Our hypotheses were tested using survey data from 235 Chinese government employees. Results not only confirm the direct effect of SSG on government employees’ ISP compliance but also suggest that SSG indirectly influences compliance behavior via the mediation of organizational commitment. Organizational commitment weakens the negative influence of perceived costs on compliance behavior and also weakens the positive effect of self-efficacy on employees’ ISP compliance. For low-commitment employees, the negative influence of perceived costs on compliance behavior is more significant than that of those with strong organizational commitment, and self-efficacy exerts a stronger effect on ISP compliance for low-commitment employees than it does for high-commitment employees. This study contributes to current literature on information systems (IS) by confirming the critical roles of SSG and organizational commitment in motivating employees’ compliance behavior.