{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,18]],"date-time":"2026-01-18T04:26:55Z","timestamp":1768710415352,"version":"3.49.0"},"reference-count":96,"publisher":"Springer Science and Business Media LLC","issue":"6","license":[{"start":{"date-parts":[[2019,10,25]],"date-time":"2019-10-25T00:00:00Z","timestamp":1571961600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2019,10,25]],"date-time":"2019-10-25T00:00:00Z","timestamp":1571961600000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Inf Syst Front"],"published-print":{"date-parts":[[2019,12]]},"DOI":"10.1007\/s10796-019-09956-4","type":"journal-article","created":{"date-parts":[[2019,10,25]],"date-time":"2019-10-25T20:51:59Z","timestamp":1572036719000},"page":"1265-1284","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":70,"title":["A Meta-Analysis of Deterrence Theory in Information Security Policy Compliance Research"],"prefix":"10.1007","volume":"21","author":[{"given":"Simon","family":"Trang","sequence":"first","affiliation":[]},{"given":"Benedikt","family":"Brendel","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,10,25]]},"reference":[{"issue":"1","key":"9956_CR1","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1108\/ICS-09-2016-0073","volume":"26","author":"K Alshare","year":"2018","unstructured":"Alshare, K., Lane, P. L., & Lane, M. R. (2018). Information security policy compliance: A higher education case study. Information and Computer Security, 26(1), 91\u2013108. \nhttps:\/\/doi.org\/10.1108\/ICS-09-2016-0073\n\n.","journal-title":"Information and Computer Security"},{"key":"9956_CR2","unstructured":"Arunothong, W. (2014). Three research essays on propensity to disclose medical information through formal and social information technologies. ProQuest Dissertations and Theses. University of Wisconsin Milwaukee. Retrieved from \nhttps:\/\/search.proquest.com\/docview\/1664611536?accountid=14169"},{"issue":"4","key":"9956_CR3","doi-asserted-by":"publisher","first-page":"421","DOI":"10.1108\/ICS-11-2016-0089","volume":"25","author":"S Aurigemma","year":"2017","unstructured":"Aurigemma, S., & Mattson, T. (2017). Deterrence and punishment experience impacts on ISP compliance attitudes. Information & Computer Security, 25(4), 421\u2013436. \nhttps:\/\/doi.org\/10.1108\/ICS-11-2016-0089\n\n.","journal-title":"Information & Computer Security"},{"issue":"5\/6","key":"9956_CR4","doi-asserted-by":"publisher","first-page":"337","DOI":"10.1108\/09576050210447019","volume":"15","author":"R Baskerville","year":"2002","unstructured":"Baskerville, R., & Siponen, M. (2002). An information security meta-policy for emergent organizations. Logistics Information Management, 15(5\/6), 337\u2013346. \nhttps:\/\/doi.org\/10.1108\/09576050210447019\n\n.","journal-title":"Logistics Information Management"},{"issue":"2","key":"9956_CR5","doi-asserted-by":"publisher","first-page":"233","DOI":"10.1177\/0022022194252005","volume":"25","author":"S Bochner","year":"1994","unstructured":"Bochner, S., & Hesketh, B. (1994). Power distance, individualism\/collectivism, and job-related attitudes in a culturally diverse work group. Journal of Cross-Cultural Psychology, 25(2), 233\u2013257.","journal-title":"Journal of Cross-Cultural Psychology"},{"key":"9956_CR6","unstructured":"Brown, D. A. (2017). Examining the behavioral intention of individuals\u2019 compliance with information security policies. Walden Dissertations and Doctoral Studies. Walden University. Retrieved from \nhttp:\/\/scholarworks.waldenu.edu\/dissertations%0Ahttp:\/\/scholarworks.waldenu.edu\/dissertations\/3750\/"},{"issue":"3","key":"9956_CR7","doi-asserted-by":"publisher","first-page":"523","DOI":"10.2307\/25750690","volume":"34","author":"B Bulgurcu","year":"2010","unstructured":"Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010a). Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), 523\u2013548.","journal-title":"MIS Quarterly"},{"key":"9956_CR8","doi-asserted-by":"publisher","unstructured":"Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010b). Quality and fairness of an information security policy as antecedents of employees\u2019 security engagement in the workplace: An empirical investigation. In Proceedings of the 43rd Hawaii International Conference on System Sciences (pp. 1\u20137). \nhttps:\/\/doi.org\/10.1109\/HICSS.2010.312\n\n.","DOI":"10.1109\/HICSS.2010.312"},{"key":"9956_CR9","first-page":"650","volume-title":"Encyclopedia of statistics in behavioral science","author":"PL Busk","year":"2005","unstructured":"Busk, P. L. (2005). Field experiment. In B. Everitt & D. Howell (Eds.), Encyclopedia of statistics in behavioral science (pp. 650\u2013652). Ltd: John Wiley & Sons."},{"key":"9956_CR10","unstructured":"Cao, L. (2004). Major criminological theories: Concepts and measurements. Wadsworth Publishing."},{"issue":"4","key":"9956_CR11","doi-asserted-by":"publisher","first-page":"763","DOI":"10.1080\/09585192.2011.555122","volume":"22","author":"JMC Chao","year":"2011","unstructured":"Chao, J. M. C., Cheung, F. Y. L., & Wu, A. M. S. (2011). Psychological contract breach and counterproductive workplace behaviors: Testing moderating effect of attribution style and power distance. International Journal of Human Resource Management, 22(4), 763\u2013777. \nhttps:\/\/doi.org\/10.1080\/09585192.2011.555122\n\n.","journal-title":"International Journal of Human Resource Management"},{"issue":"4","key":"9956_CR12","doi-asserted-by":"publisher","first-page":"312","DOI":"10.1080\/08874417.2016.1258679","volume":"58","author":"X Chen","year":"2018","unstructured":"Chen, X., Chen, L., Wu, D., & Perspective, A. (2018). Factors that influence employees\u2019 security policy compliance: An awareness-motivation-capability perspective. Journal of Computer Information Systems, 58(4), 312\u2013324. \nhttps:\/\/doi.org\/10.1080\/08874417.2016.1258679\n\n.","journal-title":"Journal of Computer Information Systems"},{"issue":"1","key":"9956_CR13","doi-asserted-by":"publisher","first-page":"285","DOI":"10.25300\/MISQ\/2018\/13853","volume":"42","author":"Gregory D. Moody","year":"2018","unstructured":"Chen,Y., Ramamurthy, K., Wen, K.-W. (2013). Organizations\u2019 Information Security Policy Compliance: Stick or Carrot Approach?, Journal of Management. Information Systems, 29 157\u2013188. \nhttps:\/\/doi.org\/10.25300\/MISQ\/2018\/13853\n\n.","journal-title":"MIS Quarterly"},{"issue":"PART B","key":"9956_CR14","doi-asserted-by":"publisher","first-page":"447","DOI":"10.1016\/j.cose.2013.09.009","volume":"39","author":"L Cheng","year":"2013","unstructured":"Cheng, L., Li, Y., Li, W., Holm, E., & Zhai, Q. (2013). Understanding the violation of IS security policy in organizations: An integrated model based on social control and deterrence theory. Computers and Security, 39(PART B), 447\u2013459. \nhttps:\/\/doi.org\/10.1016\/j.cose.2013.09.009\n\n.","journal-title":"Computers and Security"},{"key":"9956_CR15","doi-asserted-by":"crossref","unstructured":"Cram, W. A., Proudfoot, J. G., & D\u2019Arcy, J. (2017). Seeing the forest and the trees: A meta-analysis of information security policy compliance literature. In Proceedings of the 50th Hawaii International Conference on System Sciences (pp. 4051\u20134060).","DOI":"10.24251\/HICSS.2017.489"},{"key":"9956_CR16","doi-asserted-by":"publisher","first-page":"90","DOI":"10.1016\/j.cose.2012.09.010","volume":"32","author":"RE Crossler","year":"2013","unstructured":"Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., & Baskerville, R. (2013). Future directions for behavioral information security research. Computers and Security, 32, 90\u2013101. \nhttps:\/\/doi.org\/10.1016\/j.cose.2012.09.010\n\n.","journal-title":"Computers and Security"},{"issue":"1","key":"9956_CR17","doi-asserted-by":"publisher","first-page":"50","DOI":"10.1080\/0144929X.2017.1397193","volume":"37","author":"S Cuganesan","year":"2018","unstructured":"Cuganesan, S., Steele, C., & Hart, A. (2018). How senior management and workplace norms influence information security attitudes and self-efficacy. Behaviour and Information Technology, 37(1), 50\u201365. \nhttps:\/\/doi.org\/10.1080\/0144929X.2017.1397193\n\n.","journal-title":"Behaviour and Information Technology"},{"issue":"5","key":"9956_CR18","doi-asserted-by":"publisher","first-page":"474","DOI":"10.1108\/IMCS-08-2013-0057","volume":"22","author":"J D\u2019Arcy","year":"2014","unstructured":"D\u2019Arcy, J., & Greene, G. (2014). Security culture and the employment relationship as drivers of employees\u2019 security compliance. Information Management & Computer Security, 22(5), 474\u2013489. \nhttps:\/\/doi.org\/10.1108\/IMCS-08-2013-0057\n\n.","journal-title":"Information Management & Computer Security"},{"issue":"6","key":"9956_CR19","doi-asserted-by":"publisher","first-page":"643","DOI":"10.1057\/ejis.2011.23","volume":"20","author":"J D\u2019Arcy","year":"2011","unstructured":"D\u2019Arcy, J., & Herath, T. (2011). A review and analysis of deterrence theory in the IS security literature: Making sense of the disparate findings. European Journal of Information Systems, 20(6), 643\u2013658. \nhttps:\/\/doi.org\/10.1057\/ejis.2011.23\n\n.","journal-title":"European Journal of Information Systems"},{"issue":"SUPPL. 1","key":"9956_CR20","doi-asserted-by":"publisher","first-page":"59","DOI":"10.1007\/s10551-008-9909-7","volume":"89","author":"J D\u2019Arcy","year":"2009","unstructured":"D\u2019Arcy, J., & Hovav, A. (2009). Does one size fit all? Examining the differential effects of IS security countermeasures. Journal of Business Ethics, 89(SUPPL. 1), 59\u201371. \nhttps:\/\/doi.org\/10.1007\/s10551-008-9909-7\n\n.","journal-title":"Journal of Business Ethics"},{"issue":"1","key":"9956_CR21","doi-asserted-by":"publisher","first-page":"79","DOI":"10.1287\/isre.1070.0160","volume":"20","author":"J D\u2019Arcy","year":"2009","unstructured":"D\u2019Arcy, J., Hovav, A., & Galletta, D. F. (2009). User awareness of security countermeasures and its impact on information systems misuse: A deterrence approach. Information Systems Research, 20(1), 79\u201398. \nhttps:\/\/doi.org\/10.1287\/isre.1070.0160\n\n.","journal-title":"Information Systems Research"},{"issue":"2","key":"9956_CR22","doi-asserted-by":"publisher","first-page":"285","DOI":"10.2753\/MIS0742-1222310210","volume":"31","author":"J D\u2019Arcy","year":"2014","unstructured":"D\u2019Arcy, J., Herath, T., & Shoss, M. K. (2014). Understanding employee responses to stressful information security requirements: A coping Perspective. Journal of Management Information Systems, 31(2), 285\u2013318. \nhttps:\/\/doi.org\/10.2753\/MIS0742-1222310210\n\n.","journal-title":"Journal of Management Information Systems"},{"issue":"263","key":"9956_CR23","doi-asserted-by":"publisher","first-page":"1385","DOI":"10.1001\/jama.1990.03440100097014","volume":"10","author":"K Dickersin","year":"1990","unstructured":"Dickersin, K. (1990). The existence of publication Bias and risk factors for its occurrence. The Journal of the American Medical Association, 10(263), 1385\u20131359.","journal-title":"The Journal of the American Medical Association"},{"issue":"4","key":"9956_CR24","doi-asserted-by":"publisher","first-page":"391","DOI":"10.1111\/j.1365-2575.2007.00289.x","volume":"19","author":"T Dinev","year":"2009","unstructured":"Dinev, T., Goo, J., Hu, Q., & Nam, K. (2009). User behaviour towards protective information technologies: The role of national cultural differences. Information Systems Journal, 19(4), 391\u2013412. \nhttps:\/\/doi.org\/10.1111\/j.1365-2575.2007.00289.x\n\n.","journal-title":"Information Systems Journal"},{"key":"9956_CR25","unstructured":"Dugo, T. M. (2007). The insider threat to Organisational information security: A structural model and empirical test. Auburn University. Retrieved from \nhttps:\/\/etd.auburn.edu\/handle\/10415\/1345"},{"issue":"2","key":"9956_CR26","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1057\/ejis.2015.9","volume":"25","author":"M Foth","year":"2016","unstructured":"Foth, M. (2016). Factors influencing the intention to comply with data protection regulations in hospitals: Based on gender differences in behaviour and deterrence. European Journal of Information Systems, 25(2), 91\u2013109. \nhttps:\/\/doi.org\/10.1057\/ejis.2015.9\n\n.","journal-title":"European Journal of Information Systems"},{"key":"9956_CR27","unstructured":"Gartner. (2018). Gartner forecasts worldwide information security spending to exceed $124 billion in 2019. \nhttps:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2018-08-15-gartner-forecasts-worldwide-information-security-spending-to-exceed-124-billion-in-2019"},{"issue":"4","key":"9956_CR28","doi-asserted-by":"publisher","first-page":"1159","DOI":"10.25300\/MISQ\/2014\/38.4.10","volume":"38","author":"JE Gerow","year":"2014","unstructured":"Gerow, J. E., Grover, V., Thatcher, J., & Roth, P. L. (2014). Looking toward the future of IT-business strategic alignment through the past: A meta-analysis. Management Information Systems Quarterly, 38(4), 1159\u20131185.","journal-title":"Management Information Systems Quarterly"},{"key":"9956_CR29","volume-title":"Crime, punishment, and deterrence","author":"JP Gibbs","year":"1975","unstructured":"Gibbs, J. P. (1975). Crime, punishment, and deterrence. New York: Elsevier."},{"issue":"6","key":"9956_CR30","doi-asserted-by":"publisher","first-page":"320","DOI":"10.1016\/j.im.2012.08.001","volume":"49","author":"KH Guo","year":"2012","unstructured":"Guo, K. H., & Yuan, Y. (2012). The effects of multilevel sanctions on information security violations: A mediating model. Information and Management, 49(6), 320\u2013326. \nhttps:\/\/doi.org\/10.1016\/j.im.2012.08.001\n\n.","journal-title":"Information and Management"},{"issue":"2","key":"9956_CR31","doi-asserted-by":"publisher","first-page":"203","DOI":"10.2753\/MIS0742-1222280208","volume":"28","author":"KH Guo","year":"2011","unstructured":"Guo, K. H., Yuan, Y., Archer, N. P., & Connelly, C. E. (2011). Understanding nonmalicious security violations in the workplace: A composite behavior model. Journal of Management Information Systems, 28(2), 203\u2013236. \nhttps:\/\/doi.org\/10.2753\/MIS0742-1222280208\n\n.","journal-title":"Journal of Management Information Systems"},{"issue":"3","key":"9956_CR32","doi-asserted-by":"publisher","first-page":"257","DOI":"10.2307\/249656","volume":"20","author":"SJ Harrington","year":"1996","unstructured":"Harrington, S. J. (1996). The effect of codes of ethics and personal denial of responsibility on computer abuse judgments and intentions. MIS Quarterly, 20(3), 257\u2013278. \nhttps:\/\/doi.org\/10.2307\/249656\n\n.","journal-title":"MIS Quarterly"},{"issue":"2","key":"9956_CR33","doi-asserted-by":"publisher","first-page":"106","DOI":"10.1057\/ejis.2009.6","volume":"18","author":"T Herath","year":"2009","unstructured":"Herath, T., & Rao, H. R. (2009a). Protection motivation and deterrence: A framework for security policy compliance in organisations. European Journal of Information Systems, 18(2), 106\u2013125. \nhttps:\/\/doi.org\/10.1057\/ejis.2009.6\n\n.","journal-title":"European Journal of Information Systems"},{"issue":"2","key":"9956_CR34","doi-asserted-by":"publisher","first-page":"154","DOI":"10.1016\/j.dss.2009.02.005","volume":"47","author":"T Herath","year":"2009","unstructured":"Herath, T., & Rao, H. R. (2009b). Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness. Decision Support Systems, 47(2), 154\u2013165. \nhttps:\/\/doi.org\/10.1016\/j.dss.2009.02.005\n\n.","journal-title":"Decision Support Systems"},{"key":"9956_CR35","volume-title":"Culture\u2019s consequences: International differences in work-related values","author":"G Hofstede","year":"1980","unstructured":"Hofstede, G. (1980). Culture\u2019s consequences: International differences in work-related values. London: Sage Publications."},{"key":"9956_CR36","volume-title":"Cultures and organizations: Software of the mind","author":"G Hofstede","year":"2010","unstructured":"Hofstede, G., Hofstede, G. J., & Minkov, M. (2010). Cultures and organizations: Software of the mind. New York: McGraw-Hill."},{"issue":"2","key":"9956_CR37","doi-asserted-by":"publisher","first-page":"99","DOI":"10.1016\/j.im.2011.12.005","volume":"49","author":"A Hovav","year":"2012","unstructured":"Hovav, A., & D\u2019Arcy, J. (2012). Applying an extended model of deterrence across cultures: An investigation of information systems misuse in the U.S. and South Korea. Information and Management, 49(2), 99\u2013110. \nhttps:\/\/doi.org\/10.1016\/j.im.2011.12.005\n\n.","journal-title":"Information and Management"},{"key":"9956_CR38","unstructured":"Hu, Q., & Xu, Z. (2018). The role of rational calculus in controlling individual propensity toward information security policy non-compliance behavior. In Proceedings of the 51st Hawaii International Conference on System Sciences (pp. 3688\u20133697)."},{"issue":"6","key":"9956_CR39","doi-asserted-by":"publisher","first-page":"54","DOI":"10.1145\/1953122.1953142","volume":"54","author":"Q Hu","year":"2011","unstructured":"Hu, Q., Xu, Z., Dinev, T., & Ling, H. (2011). Does deterrence work in reducing information security policy abuse by employees? Communications of the ACM, 54(6), 54\u201360. \nhttps:\/\/doi.org\/10.1145\/1953122.1953142\n\n.","journal-title":"Communications of the ACM"},{"issue":"4","key":"9956_CR40","doi-asserted-by":"publisher","first-page":"311","DOI":"10.7763\/IJIET.2015.V5.522","volume":"5","author":"N Humaidi","year":"2015","unstructured":"Humaidi, N., & Balakrishnan, V. (2015). Leadership styles and information security compliance behavior: The mediator effect of information security awareness. International Journal of Information and Education Technology, 5(4), 311\u2013318. \nhttps:\/\/doi.org\/10.7763\/IJIET.2015.V5.522\n\n.","journal-title":"International Journal of Information and Education Technology"},{"key":"9956_CR41","doi-asserted-by":"publisher","unstructured":"Humaidi, N., Balakrishnan, V., & Shahrom, M. (2014). Exploring user\u2019s compliance behavior towards health information system security policies based on extended health belief model. 2014 IEEE Conference on e-Learning, e-Management and e-Services (IC3e), 30\u201335. \nhttps:\/\/doi.org\/10.1109\/IC3e.2014.7081237\n\n.","DOI":"10.1109\/IC3e.2014.7081237"},{"key":"9956_CR42","doi-asserted-by":"publisher","DOI":"10.4135\/9781412985031","volume-title":"Methods of meta-analysis: Correcting error and bias in research findings","author":"JE Hunter","year":"2004","unstructured":"Hunter, J. E., & Schmidt, F. L. (2004). Methods of meta-analysis: Correcting error and bias in research findings (2nd ed.). Newbury Park: SAGE Publications.","edition":"2"},{"issue":"3\u20134","key":"9956_CR43","doi-asserted-by":"publisher","first-page":"171","DOI":"10.1016\/j.im.2012.02.003","volume":"49","author":"Y Hwang","year":"2012","unstructured":"Hwang, Y., & Lee, K. C. (2012). Investigating the moderating role of uncertainty avoidance cultural values on multidimensional online trust. Information & Management, 49(3\u20134), 171\u2013176. \nhttps:\/\/doi.org\/10.1016\/j.im.2012.02.003\n\n.","journal-title":"Information & Management"},{"key":"9956_CR44","unstructured":"ISO\/IEC. (2013a). ISO\/IEC 27001:2013 Information technology \u2014 Security techniques \u2014 Information security management systems \u2014 Requirements (Vol. 2013)."},{"key":"9956_CR45","unstructured":"ISO\/IEC. (2013b). ISO\/IEC 27002:2013 Information technology \u2014 Security techniques \u2014 Code of practice for information security controls (Vol. 2013)."},{"issue":"1","key":"9956_CR46","doi-asserted-by":"publisher","first-page":"113","DOI":"10.25300\/MISQ\/2015\/39.1.06","volume":"39","author":"AC Johnston","year":"2015","unstructured":"Johnston, A. C., Warkentin, M., & Siponen, M. (2015). An enhanced fear appeal rhetorical framework: Leveraging threats to the human asset through sanctioning rhetoric. MIS Quarterly, 39(1), 113\u2013134. \nhttps:\/\/doi.org\/10.25300\/MISQ\/2015\/39.1.06\n\n.","journal-title":"MIS Quarterly"},{"issue":"2","key":"9956_CR47","doi-asserted-by":"publisher","first-page":"263","DOI":"10.2307\/1914185","volume":"47","author":"D Kahneman","year":"1979","unstructured":"Kahneman, D., & Tversky, A. (1979). Prospect theory: An analysis of decision under risk. Econometrica, 47(2), 263\u2013291.","journal-title":"Econometrica"},{"issue":"1","key":"9956_CR48","doi-asserted-by":"publisher","first-page":"665","DOI":"10.17705\/1cais.01632","volume":"16","author":"WR King","year":"2015","unstructured":"King, W. R., & He, J. (2015). Understanding the role and methods of meta-analysis in IS research. Communications of the Association for Information Systems, 16(1), 665\u2013686. \nhttps:\/\/doi.org\/10.17705\/1cais.01632\n\n.","journal-title":"Communications of the Association for Information Systems"},{"issue":"4","key":"9956_CR49","doi-asserted-by":"publisher","first-page":"744","DOI":"10.5465\/amj.2009.43669971","volume":"52","author":"BL Kirkman","year":"2009","unstructured":"Kirkman, B. L., Chen, G., Farh, J.-L., Chen, Z. X., & Lowe, K. B. (2009). Individual power distance orientation and follower reactions to transformational leaders: A cross-level, cross-cultural examination. Academy of Management Journal, 52(4), 744\u2013764.","journal-title":"Academy of Management Journal"},{"issue":"12","key":"9956_CR50","doi-asserted-by":"publisher","first-page":"198","DOI":"10.1007\/s10916-017-0833-1","volume":"41","author":"K Kuo","year":"2017","unstructured":"Kuo, K., Talley, P. C., Hung, M., & Chen, Y. (2017). A deterrence approach to regulate nurses\u2019 compliance with electronic medical records privacy policy. Journal of Medical Systems, 41(12), 198\u2013208.","journal-title":"Journal of Medical Systems"},{"issue":"3","key":"9956_CR51","doi-asserted-by":"publisher","first-page":"187","DOI":"10.1007\/s12144-009-9056-z","volume":"28","author":"JL Ladbury","year":"2009","unstructured":"Ladbury, J. L., & Hinsz, V. B. (2009). Uncertainty avoidance influences choices for potential gains but not losses. Current Psychology, 28(3), 187\u2013193. \nhttps:\/\/doi.org\/10.1007\/s12144-009-9056-z\n\n.","journal-title":"Current Psychology"},{"issue":"6","key":"9956_CR52","doi-asserted-by":"publisher","first-page":"707","DOI":"10.1016\/j.im.2003.08.008","volume":"41","author":"SM Lee","year":"2004","unstructured":"Lee, S. M., Lee, S. G., & Yoo, S. (2004). An integrative model of computer abuse based on social control and general deterrence theories. Information and Management, 41(6), 707\u2013718. \nhttps:\/\/doi.org\/10.1016\/j.im.2003.08.008\n\n.","journal-title":"Information and Management"},{"key":"9956_CR53","unstructured":"Lee, H., Jeon, S., & Zeelim-Hovav, A. (2016). Impact of psychological empowerment, position and awareness of audit on information security policy compliance intention. In Proceedings of the Pacific Asia Conference on Information Systems 2016 (p. 62)."},{"key":"9956_CR54","unstructured":"Li, W., & Cheng, L. (2013). Effects of neutralization techniques and rational choice theory on internet abuse in the workplace. In Proceedings of the Pacific Asia Conference on Information Systems 2013 (p. 169)."},{"issue":"4","key":"9956_CR55","doi-asserted-by":"publisher","first-page":"635","DOI":"10.1016\/j.dss.2009.12.005","volume":"48","author":"H Li","year":"2010","unstructured":"Li, H., Zhang, J., & Sarathy, R. (2010). Understanding compliance with internet use policy from the perspective of rational choice theory. Decision Support Systems, 48(4), 635\u2013645. \nhttps:\/\/doi.org\/10.1016\/j.dss.2009.12.005\n\n.","journal-title":"Decision Support Systems"},{"issue":"6","key":"9956_CR56","doi-asserted-by":"publisher","first-page":"479","DOI":"10.1111\/isj.12037","volume":"24","author":"H Li","year":"2014","unstructured":"Li, H., Sarathy, R., Zhang, J., & Luo, X. (2014). Exploring the effects of organizational justice, personal ethics and sanction on internet use policy compliance. Information Systems Journal, 24(6), 479\u2013502. \nhttps:\/\/doi.org\/10.1111\/isj.12037\n\n.","journal-title":"Information Systems Journal"},{"issue":"1","key":"9956_CR57","doi-asserted-by":"publisher","first-page":"107","DOI":"10.1037\/a0024610","volume":"97","author":"H Lian","year":"2012","unstructured":"Lian, H., Ferris, D. L., & Brown, D. J. (2012). Does power distance exacerbate or mitigate the effects of abusive supervision? It depends on the outcome. Journal of Applied Psychology, 97(1), 107\u2013123. \nhttps:\/\/doi.org\/10.1037\/a0024610\n\n.","journal-title":"Journal of Applied Psychology"},{"issue":"2","key":"9956_CR58","doi-asserted-by":"publisher","first-page":"49","DOI":"10.1080\/08874417.2009.11645384","volume":"50","author":"Q Liao","year":"2009","unstructured":"Liao, Q., Gurung, A., Luo, X., Li, L., Gurung, A., & Li, L. (2009). Workplace management and employee misuse\u00a0: Does punishment matter\u00a0? Workplace management and employee misuse\u00a0: Does punishment matter\u00a0? Journal of Computer Information Systems, 50(2), 49\u201359. \nhttps:\/\/doi.org\/10.1080\/08874417.2009.11645384\n\n.","journal-title":"Journal of Computer Information Systems"},{"issue":"3","key":"9956_CR59","doi-asserted-by":"publisher","first-page":"193","DOI":"10.1111\/isj.12063","volume":"25","author":"PB Lowry","year":"2015","unstructured":"Lowry, P. B., Posey, C., Bennett, R., Becky, J., & Roberts, T. L. (2015). Leveraging fairness and reactance theories to deter reactive computer abuse following enhanced organisational information security policies: An empirical study of the influence of counterfactual reasoning and organisational trust. Information Systems Journal, 25(3), 193\u2013273. \nhttps:\/\/doi.org\/10.1111\/isj.12063\n\n.","journal-title":"Information Systems Journal"},{"issue":"3","key":"9956_CR60","doi-asserted-by":"publisher","first-page":"431","DOI":"10.2307\/25750685","volume":"34","author":"MA Mahmood","year":"2010","unstructured":"Mahmood, M. A., Siponen, M., Straub, D., Rao, H. R., & Raghu, T. S. (2010). Moving toward black hat research in information systems security: An editorial introduction to the special issue. MIS Quarterly, 34(3), 431\u2013433.","journal-title":"MIS Quarterly"},{"key":"9956_CR61","doi-asserted-by":"publisher","first-page":"147","DOI":"10.1016\/j.cose.2018.01.020","volume":"75","author":"P Menard","year":"2018","unstructured":"Menard, P., Warkentin, M., & Lowry, P. B. (2018). The impact of collectivism and psychological ownership on protection motivation: A cross-cultural examination. Computers and Security, 75, 147\u2013166. \nhttps:\/\/doi.org\/10.1016\/j.cose.2018.01.020\n\n.","journal-title":"Computers and Security"},{"issue":"1","key":"9956_CR62","doi-asserted-by":"publisher","first-page":"285","DOI":"10.25300\/MISQ\/2018\/13853","volume":"42","author":"Gregory D. Moody","year":"2018","unstructured":"Moody, G. D., Siponen, M., & Pahnila, S. (2018). Toward a unified model of information security policy compliance. MIS Quarterly, 42(1), 285\u2013312. \nhttps:\/\/doi.org\/10.25300\/MISQ\/2018\/13853\n\n.","journal-title":"MIS Quarterly"},{"issue":"3","key":"9956_CR63","doi-asserted-by":"publisher","first-page":"261","DOI":"10.1080\/08874417.2016.1153922","volume":"56","author":"R Moquin","year":"2016","unstructured":"Moquin, R., & Wakefield, R. L. (2016). The roles of awareness, sanctions, and ethics in software compliance. Journal of Computer Information Systems, 56(3), 261\u2013270.","journal-title":"Journal of Computer Information Systems"},{"key":"9956_CR64","unstructured":"Mou, J., Cohen, J., & Kim, J. (2017). A meta-analytic structural equation modeling test of protection motivation theory in information security literature. In Thirty Eighth International Conference on Information Systems (pp. 1\u201320)."},{"issue":"3","key":"9956_CR65","doi-asserted-by":"publisher","first-page":"194","DOI":"10.1016\/j.jom.2009.11.001","volume":"28","author":"M Naor","year":"2010","unstructured":"Naor, M., Linderman, K., & Schroeder, R. (2010). The globalization of operations in eastern and Western countries: Unpacking the relationship between national and organizational culture and its impact on manufacturing performance. Journal of Operations Management, 28(3), 194\u2013205. \nhttps:\/\/doi.org\/10.1016\/j.jom.2009.11.001\n\n.","journal-title":"Journal of Operations Management"},{"key":"9956_CR66","doi-asserted-by":"publisher","unstructured":"Pahnila, S., Siponen, M., & Mahmood, M. A. (2007). Employees\u2019 behavior towards IS security policy compliance. In Proceedings of the Annual Hawaii International Conference on System Sciences (pp. 156\u2013166). \nhttps:\/\/doi.org\/10.1109\/HICSS.2007.206\n\n.","DOI":"10.1109\/HICSS.2007.206"},{"key":"9956_CR67","doi-asserted-by":"publisher","first-page":"64","DOI":"10.1016\/j.cose.2016.10.011","volume":"65","author":"EH Park","year":"2017","unstructured":"Park, E. H., Kim, J., & Park, Y. S. (2017). The role of information security learning and individual factors in disclosing patients \u2019 health information. Computers & Security, 65, 64\u201376. \nhttps:\/\/doi.org\/10.1016\/j.cose.2016.10.011\n\n.","journal-title":"Computers & Security"},{"issue":"1","key":"9956_CR68","doi-asserted-by":"publisher","first-page":"7","DOI":"10.2307\/3053879","volume":"23","author":"R Paternoster","year":"1989","unstructured":"Paternoster, R. (1989). Decisions to participate in and desist from four types of common delinquency: Deterrence and the rational choice Perspective. Law & Society Review, 23(1), 7\u201340. \nhttps:\/\/doi.org\/10.2307\/3053879\n\n.","journal-title":"Law & Society Review"},{"issue":"3","key":"9956_CR69","first-page":"765","volume":"100","author":"R Paternoster","year":"2010","unstructured":"Paternoster, R. (2010). How much do we really know about criminal deterrence. Journal of Criminal Law and Criminology, 100(3), 765\u2013824.","journal-title":"Journal of Criminal Law and Criminology"},{"key":"9956_CR70","first-page":"37","volume-title":"Advances in criminological theory volume 5: Routine activity and rational choice","author":"R Paternoster","year":"1993","unstructured":"Paternoster, R., & Simpson, S. (1993). A rational choice theory of corporate crime. In R. V. Clarke & M. Felson (Eds.), Advances in criminological theory volume 5: Routine activity and rational choice (pp. 37\u201358). New Brunswick: Transaction Books."},{"issue":"3","key":"9956_CR71","doi-asserted-by":"publisher","first-page":"549","DOI":"10.2307\/3054128","volume":"30","author":"R Paternoster","year":"1996","unstructured":"Paternoster, R., & Simpson, S. (1996). Sanction threats and appeals to morality: Testing a rational choice model of corporate crime. Law & Society Review, 30(3), 549\u2013584.","journal-title":"Law & Society Review"},{"issue":"1","key":"9956_CR72","doi-asserted-by":"publisher","first-page":"153","DOI":"10.1080\/07421222.2003.11045759","volume":"20","author":"AG Peace","year":"2003","unstructured":"Peace, A. G., Galletta, D. F., & Thong, J. Y. L. (2003). Software piracy in the workplace: A model and empirical test. Journal of Management Information Systems, 20(1), 153\u2013177. \nhttps:\/\/doi.org\/10.1080\/07421222.2003.11045759\n\n.","journal-title":"Journal of Management Information Systems"},{"issue":"1","key":"9956_CR73","first-page":"24","volume":"7","author":"C Posey","year":"2011","unstructured":"Posey, C., Bennett, R. J., Roberts, T. L., & Lowry, P. B. (2011). When computer monitoring backfires: Invasion of privacy and organizational injustice as precursors to computer abuse. Journal of Information System Security, 7(1), 24\u201347.","journal-title":"Journal of Information System Security"},{"key":"9956_CR74","first-page":"367","volume-title":"Taking stock: The status of criminological theory","author":"TC Pratt","year":"2006","unstructured":"Pratt, T. C., Cullen, F. T., Blevins, K. R., Daigle, L. E., & Madensen, T. D. (2006). The empirical status of deterrence theory: A meta-analysis. In F. T. Cullen, J. P. Wright, & K. R. Blevins (Eds.), Taking stock: The status of criminological theory (pp. 367\u2013395). Piscataway: Transaction Publishers."},{"issue":"4","key":"9956_CR75","doi-asserted-by":"publisher","first-page":"757","DOI":"10.2307\/25750704","volume":"34","author":"P Puhakainen","year":"2010","unstructured":"Puhakainen, P., & Siponen, M. (2010). Improving Employee\u2019s compliance through information systems security training: An action research study. MIS Quarterly, 34(4), 757\u2013778.","journal-title":"MIS Quarterly"},{"issue":"2","key":"9956_CR76","doi-asserted-by":"publisher","first-page":"178","DOI":"10.1108\/ICS-05-2014-0029","volume":"23","author":"W Rocha Flores","year":"2015","unstructured":"Rocha Flores, W., Holm, H., Nohlberg, M., & Ekstedt, M. (2015). Investigating personal determinants of phishing and the effect of national culture. Information and Computer Security, 23(2), 178\u2013199. \nhttps:\/\/doi.org\/10.1108\/ICS-05-2014-0029\n\n.","journal-title":"Information and Computer Security"},{"issue":"3","key":"9956_CR77","doi-asserted-by":"publisher","first-page":"638","DOI":"10.1037\/0033-2909.86.3.638","volume":"86","author":"R Rosenthal","year":"1979","unstructured":"Rosenthal, R. (1979). The file drawer problem and tolerance for null results. Psychological Bulletin, 86(3), 638\u2013641.","journal-title":"Psychological Bulletin"},{"key":"9956_CR78","doi-asserted-by":"publisher","DOI":"10.4135\/9781412984997","volume-title":"Metaanalytic procedures for social research","author":"R Rosenthal","year":"1991","unstructured":"Rosenthal, R. (1991). Metaanalytic procedures for social research (2nd ed.). California: SAGE Publications.","edition":"2"},{"issue":"5","key":"9956_CR79","doi-asserted-by":"publisher","first-page":"1205","DOI":"10.1007\/s10796-016-9648-8","volume":"19","author":"D Schatz","year":"2017","unstructured":"Schatz, D., & Bashroush, R. (2017). Economic valuation for information security investment: A systematic literature review. Information Systems Frontiers, 19(5), 1205\u20131228. \nhttps:\/\/doi.org\/10.1007\/s10796-016-9648-8\n\n.","journal-title":"Information Systems Frontiers"},{"issue":"3","key":"9956_CR80","doi-asserted-by":"publisher","first-page":"487","DOI":"10.2307\/25750688","volume":"34","author":"M Siponen","year":"2010","unstructured":"Siponen, M., & Vance, A. (2010). Neutralization: New insights into the problem of employee information systems security policy violations. MIS Quarterly, 34(3), 487\u2013502.","journal-title":"MIS Quarterly"},{"issue":"3","key":"9956_CR81","doi-asserted-by":"publisher","first-page":"289","DOI":"10.1057\/ejis.2012.59","volume":"23","author":"M Siponen","year":"2014","unstructured":"Siponen, M., & Vance, A. (2014). Guidelines for improving the contextual relevance of field surveys: The case of information security policy violations. European Journal of Information Systems, 23(3), 289\u2013305. \nhttps:\/\/doi.org\/10.1057\/ejis.2012.59\n\n.","journal-title":"European Journal of Information Systems"},{"key":"9956_CR82","doi-asserted-by":"publisher","first-page":"133","DOI":"10.1007\/978-0-387-72367-9_12","volume-title":"New Approaches for Security, Privacy and Trust in Complex Environments","author":"Mikko Siponen","year":"2007","unstructured":"Siponen, M., Pahnila, S., & Mahmood, M. A. (2007). Employees\u2019 adherence to information security policies: An empirical study. In Proceedings of the IFIP SEC (pp. 133\u2013144). \nhttps:\/\/doi.org\/10.1007\/978-0-387-72367-9_12\n\n."},{"issue":"1","key":"9956_CR83","doi-asserted-by":"publisher","first-page":"42","DOI":"10.1108\/IMCS-08-2012-0045","volume":"22","author":"T Sommestad","year":"2014","unstructured":"Sommestad, T., Hallberg, J., Lundholm, K., & Bengtsson, J. (2014). Variables influencing information security policy compliance. Information Management & Computer Security, 22(1), 42\u201375. \nhttps:\/\/doi.org\/10.1108\/IMCS-08-2012-0045\n\n.","journal-title":"Information Management & Computer Security"},{"issue":"1","key":"9956_CR84","doi-asserted-by":"publisher","first-page":"26","DOI":"10.4018\/IJISP.2015010102","volume":"9","author":"T Sommestad","year":"2015","unstructured":"Sommestad, T., Karlz\u00e9n, H., & Hallberg, J. (2015). A meta-analysis of studies on protection motivation theory and information security behaviour. International Journal of Information Security and Privacy, 9(1), 26\u201346. \nhttps:\/\/doi.org\/10.4018\/IJISP.2015010102\n\n.","journal-title":"International Journal of Information Security and Privacy"},{"issue":"7","key":"9956_CR85","doi-asserted-by":"publisher","first-page":"296","DOI":"10.1016\/j.im.2011.07.002","volume":"48","author":"J-Y Son","year":"2011","unstructured":"Son, J.-Y. (2011). Out of fear or desire? Toward a better understanding of employees\u2019 motivation to follow IS security policies. Information and Management, 48(7), 296\u2013302. \nhttps:\/\/doi.org\/10.1016\/j.im.2011.07.002\n\n.","journal-title":"Information and Management"},{"issue":"3","key":"9956_CR86","doi-asserted-by":"publisher","first-page":"309","DOI":"10.1016\/j.ijinfomgt.2015.12.005","volume":"36","author":"J-Y Son","year":"2016","unstructured":"Son, J.-Y., & Park, J. (2016). Procedural justice to enhance compliance with non-work-related computing (NWRC) rules: Its determinants and interaction with privacy concerns. International Journal of Information Management, 36(3), 309\u2013321. \nhttps:\/\/doi.org\/10.1016\/j.ijinfomgt.2015.12.005\n\n.","journal-title":"International Journal of Information Management"},{"issue":"3","key":"9956_CR87","doi-asserted-by":"publisher","first-page":"255","DOI":"10.1287\/isre.1.3.255","volume":"1","author":"D Straub","year":"1990","unstructured":"Straub, D. (1990). Effective IS Securty: An empirical study. Information Systems Research, 1(3), 255\u2013276. \nhttps:\/\/doi.org\/10.1287\/isre.1.3.255\n\n.","journal-title":"Information Systems Research"},{"issue":"2","key":"9956_CR88","doi-asserted-by":"publisher","first-page":"123","DOI":"10.1037\/0021-9010.77.2.123","volume":"77","author":"FS Switzer","year":"1992","unstructured":"Switzer, F. S., Paese, P. W., & Drasgow, F. (1992). Bootstrap estimates of standard errors in validity generalization. Journal of Applied Psychology, 77(2), 123\u2013129.","journal-title":"Journal of Applied Psychology"},{"issue":"1","key":"9956_CR89","doi-asserted-by":"publisher","first-page":"75","DOI":"10.19030\/rbis.v12i1.4399","volume":"12","author":"JC Ugrin","year":"2011","unstructured":"Ugrin, J. C., Pearson, J. M., & Odom, M. D. (2011). Cyber-slacking: Self-control, prior behavior and the impact of deterrence measures. Review of Business Information Systems, 12(1), 75. \nhttps:\/\/doi.org\/10.19030\/rbis.v12i1.4399\n\n.","journal-title":"Review of Business Information Systems"},{"issue":"12","key":"9956_CR90","doi-asserted-by":"publisher","first-page":"1187","DOI":"10.17705\/1jais.00524","volume":"19","author":"R Willison","year":"2018","unstructured":"Willison, R., Lowry, P. B., & Paternoster, R. (2018a). A tale of two deterrents: Considering the role of absolute and restrictive deterrence to inspire new directions in behavioral and organizational security research. Journal of the Association for Information Systems, 19(12), 1187\u20131216 \nhttp:\/\/www.ncl.ac.uk\/business-school\/staff\/profile\/robertwillison.html%0Ahttps:\/\/seanacademic.qualtrics.com\/SE\/?SID=SV_7WCaP0V7FA0GWWx%0Ahttps:\/\/ssrn.com\/abstract=3099392\n\n.","journal-title":"Journal of the Association for Information Systems"},{"issue":"2","key":"9956_CR91","doi-asserted-by":"publisher","first-page":"266","DOI":"10.1111\/isj.12129","volume":"28","author":"R Willison","year":"2018","unstructured":"Willison, R., Warkentin, M., & Johnston, A. C. (2018b). Examining employee computer abuse intentions: Insights from justice, deterrence and neutralization perspectives. Information Systems Journal, 28(2), 266\u2013293. \nhttps:\/\/doi.org\/10.1111\/isj.12129\n\n.","journal-title":"Information Systems Journal"},{"issue":"4","key":"9956_CR92","doi-asserted-by":"publisher","first-page":"218","DOI":"10.1016\/j.infoandorg.2009.06.001","volume":"19","author":"M Workman","year":"2009","unstructured":"Workman, M. (2009). A field study of corporate employee monitoring: Attitudes, absenteeism, and the moderating influences of procedural justice perceptions. Information and Organization, 19(4), 218\u2013232. \nhttps:\/\/doi.org\/10.1016\/j.infoandorg.2009.06.001\n\n.","journal-title":"Information and Organization"},{"issue":"2","key":"9956_CR93","doi-asserted-by":"publisher","first-page":"419","DOI":"10.2307\/20650298","volume":"33","author":"J Wu","year":"2009","unstructured":"Wu, J., & Lederer, A. (2009). A meta-analysis of the role of environment based voluntariness in information technology acceptance. Management Information Systems Quarterly, 33(2), 419\u2013432.","journal-title":"Management Information Systems Quarterly"},{"issue":"5","key":"9956_CR94","doi-asserted-by":"publisher","first-page":"1069","DOI":"10.1007\/s10796-017-9807-6","volume":"21","author":"Feng Xu","year":"2017","unstructured":"Xu, F., Luo, X. R., Zhang, H., Liu, S., & Huang, W. W. (2017). Do strategy and timing in IT security investments matter? An empirical investigation of the alignment effect. Information Systems Frontiers, 1\u201315. \nhttps:\/\/doi.org\/10.1007\/s10796-017-9807-6\n\n.","journal-title":"Information Systems Frontiers"},{"issue":"2","key":"9956_CR95","doi-asserted-by":"publisher","first-page":"400","DOI":"10.1287\/isre.1090.0266","volume":"22","author":"Y Xue","year":"2011","unstructured":"Xue, Y., Liang, H., & Wu, L. (2011). Punishment, justice, and compliance in mandatory IT settings. Information Systems Research, 22(2), 400\u2013414. \nhttps:\/\/doi.org\/10.1287\/isre.1090.0266\n\n.","journal-title":"Information Systems Research"},{"issue":"4","key":"9956_CR96","doi-asserted-by":"publisher","first-page":"401","DOI":"10.1108\/ITP-12-2012-0147","volume":"26","author":"C Yoon","year":"2013","unstructured":"Yoon, C., & Kim, H. (2013). Understanding computer security behavioral intention in the workplace. Information Technology & People, 26(4), 401\u2013419. \nhttps:\/\/doi.org\/10.1108\/ITP-12-2012-0147\n\n.","journal-title":"Information Technology & People"}],"container-title":["Information Systems Frontiers"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-019-09956-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10796-019-09956-4\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-019-09956-4.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,10,23]],"date-time":"2020-10-23T23:25:57Z","timestamp":1603495557000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10796-019-09956-4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,10,25]]},"references-count":96,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2019,12]]}},"alternative-id":["9956"],"URL":"https:\/\/doi.org\/10.1007\/s10796-019-09956-4","relation":{},"ISSN":["1387-3326","1572-9419"],"issn-type":[{"value":"1387-3326","type":"print"},{"value":"1572-9419","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,10,25]]},"assertion":[{"value":"25 October 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}