{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,25]],"date-time":"2026-05-25T07:04:58Z","timestamp":1779692698589,"version":"3.53.1"},"reference-count":73,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2025,4,28]],"date-time":"2025-04-28T00:00:00Z","timestamp":1745798400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,4,28]],"date-time":"2025-04-28T00:00:00Z","timestamp":1745798400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"funder":[{"DOI":"10.13039\/100021638","name":"Social Sciences and Humanities Research Council","doi-asserted-by":"publisher","award":["435-2021-0437"],"award-info":[{"award-number":["435-2021-0437"]}],"id":[{"id":"10.13039\/100021638","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Inf Syst Front"],"published-print":{"date-parts":[[2026,4]]},"DOI":"10.1007\/s10796-025-10606-1","type":"journal-article","created":{"date-parts":[[2025,4,28]],"date-time":"2025-04-28T02:00:43Z","timestamp":1745805643000},"page":"493-504","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Barking Up the Wrong Tree? Reconsidering Policy Compliance as a Dependent Variable Within Behavioral Cybersecurity Research"],"prefix":"10.1007","volume":"28","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5819-3074","authenticated-orcid":false,"given":"W. 
Alec","family":"Cram","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"John","family":"D\u2019Arcy","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2025,4,28]]},"reference":[{"key":"10606_CR1","doi-asserted-by":"crossref","unstructured":"Alraja, M. N., Butt, U. J., & Abbod, M. (2023). Information security policies compliance in a global setting: An employee\u2019s perspective. Computers & Security, 129(-), 1\u201316.","DOI":"10.1016\/j.cose.2023.103208"},{"issue":"12","key":"10606_CR2","doi-asserted-by":"publisher","first-page":"1700","DOI":"10.17705\/1jais.00583","volume":"20","author":"S Aurigemma","year":"2019","unstructured":"Aurigemma, S., & Mattson, T. (2019). Generally speaking, context matters: Making the case for a change from universal to particular ISP research. Journal of the Association for Information Systems, 20(12), 1700\u20131742. https:\/\/doi.org\/10.17705\/1jais.00583","journal-title":"Journal of the Association for Information Systems"},{"issue":"3","key":"10606_CR3","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1145\/3130515.3130518","volume":"48","author":"P Balozian","year":"2017","unstructured":"Balozian, P., & Leidner, D. (2017). Review of IS security compliance: Toward the Building blocks of an IS security theory. The DATA BASE for Advances in Information Systems, 48(3), 11\u201343.","journal-title":"The DATA BASE for Advances in Information Systems"},{"key":"10606_CR4","first-page":"1","volume":"Forthcoming(-)","author":"P Balozian","year":"2017","unstructured":"Balozian, P., Leidner, D., & Warkentin, M. (2017). Managers\u2019 and employees\u2019 differing responses to security approaches. 
Journal of Computer Information Systems, Forthcoming(-), 1\u201314.","journal-title":"Journal of Computer Information Systems"},{"issue":"Part B","key":"10606_CR5","doi-asserted-by":"publisher","first-page":"145","DOI":"10.1016\/j.cose.2013.05.006","volume":"39","author":"JB Barlow","year":"2013","unstructured":"Barlow, J. B., Warkentin, M., Ormond, D., & Dennis, A. R. (2013). Don\u2019t make excuses! Discouraging neutralization to reduce IT policy violation. Computers & Security, 39(Part B), 145\u2013159.","journal-title":"Computers & Security"},{"issue":"8","key":"10606_CR6","doi-asserted-by":"publisher","first-page":"689","DOI":"10.17705\/1jais.00506","volume":"19","author":"JB Barlow","year":"2018","unstructured":"Barlow, J. B., Warkentin, M., Ormond, D., & Dennis, A. R. (2018). Don\u2019t even think about it! The effects of antineutralization, informational, and normative communication on information security compliance. Journal for the Association for Information Systems, 19(8), 689\u2013715. https:\/\/doi.org\/10.17705\/1jais.00506","journal-title":"Journal for the Association for Information Systems"},{"issue":"5\/6","key":"10606_CR7","doi-asserted-by":"publisher","first-page":"337","DOI":"10.1108\/09576050210447019","volume":"15","author":"RL Baskerville","year":"2002","unstructured":"Baskerville, R. L., & Siponen, M. (2002). An information security meta-policy for emergent organizations. Logistics Information Management, 15(5\/6), 337\u2013346.","journal-title":"Logistics Information Management"},{"issue":"3","key":"10606_CR8","doi-asserted-by":"publisher","first-page":"44","DOI":"10.1145\/3130515.3130519","volume":"48","author":"S Bauer","year":"2017","unstructured":"Bauer, S., & Bernroider, E. W. N. (2017). From information security awareness to reasoned compliant action: Analyzing information security policy compliance in a large banking organization. The DATA BASE for Advances in Information Systems, 48(3), 44\u201368. 
https:\/\/doi.org\/10.1145\/3130515.3130519","journal-title":"The DATA BASE for Advances in Information Systems"},{"key":"10606_CR9","unstructured":"Boehm, J., Curcio, N., Merrath, P., Shenton, L., & St\u00e4hle, T. (2019). The risk-based approach to cybersecurity. https:\/\/www.mckinsey.com\/~\/media\/McKinsey\/Business%20Functions\/Risk\/Our%20Insights\/The%20risk%20based%20approach%20to%20cybersecurity\/The-risk-based-approach-to-cybersecurity.pdf"},{"issue":"3","key":"10606_CR10","doi-asserted-by":"publisher","first-page":"523","DOI":"10.2307\/25750690","volume":"34","author":"B Bulgurcu","year":"2010","unstructured":"Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), 523\u2013548. https:\/\/doi.org\/10.2307\/25750690","journal-title":"MIS Quarterly"},{"issue":"6","key":"10606_CR11","doi-asserted-by":"publisher","first-page":"1187","DOI":"10.1111\/deci.12304","volume":"49","author":"AJ Burns","year":"2018","unstructured":"Burns, A. J., Roberts, T. L., Posey, C., Bennett, R. J., & Courtney, J. F. (2018). Intentions to comply versus intentions to protect: A VIE theory approach to Understanding the influence of insiders\u2019 awareness of organizational SETA efforts. Decision Sciences, 49(6), 1187\u20131228. https:\/\/doi.org\/10.1111\/deci.12304","journal-title":"Decision Sciences"},{"key":"10606_CR12","doi-asserted-by":"publisher","first-page":"115","DOI":"10.1111\/ijau.12016","volume":"18","author":"P Coetzee","year":"2014","unstructured":"Coetzee, P., & Lubbe, D. (2014). Improving the efficiency and effectiveness of risk-based internal audit engagements. 
International Journal of Auditing, 18, 115\u2013125.","journal-title":"International Journal of Auditing"},{"issue":"6","key":"10606_CR15","doi-asserted-by":"publisher","first-page":"605","DOI":"10.1057\/s41303-017-0059-9","volume":"26","author":"WA Cram","year":"2017","unstructured":"Cram, W. A., Proudfoot, J. G., & D\u2019Arcy, J. (2017). Organizational information security policies: A review and research framework. European Journal of Information Systems, 26(6), 605\u2013641. https:\/\/doi.org\/10.1057\/s41303-017-0059-9","journal-title":"European Journal of Information Systems"},{"issue":"2","key":"10606_CR14","doi-asserted-by":"publisher","first-page":"525","DOI":"10.25300\/MISQ\/2019\/15117","volume":"43","author":"WA Cram","year":"2019","unstructured":"Cram, W. A., D\u2019Arcy, J., & Proudfoot, J. G. (2019). Seeing the forest and the trees: A meta-analysis of the antecedents to information security policy compliance. MIS Quarterly, 43(2), 525\u2013554. https:\/\/doi.org\/10.25300\/MISQ\/2019\/15117","journal-title":"MIS Quarterly"},{"issue":"1","key":"10606_CR13","doi-asserted-by":"publisher","first-page":"95","DOI":"10.25300\/MISQ\/2023\/17707","volume":"48","author":"WA Cram","year":"2024","unstructured":"Cram, W. A., D\u2019Arcy, J., & Benlian, A. (2024). Time will Tell: A case for an idiographic approach for behavioral cybersecurity research. MIS Quarterly, 48(1), 95\u2013136. https:\/\/doi.org\/10.25300\/MISQ\/2023\/17707","journal-title":"MIS Quarterly"},{"issue":"2","key":"10606_CR16","doi-asserted-by":"publisher","first-page":"285","DOI":"10.2753\/MIS0742-1222310210","volume":"31","author":"J D\u2019Arcy","year":"2014","unstructured":"D\u2019Arcy, J., Herath, T., & Shoss, M. K. (2014). Understanding employee responses to stressful information security requirements: A coping perspective. Journal of Management Information Systems, 31(2), 285\u2013318. 
https:\/\/doi.org\/10.2753\/MIS0742-1222310210","journal-title":"Journal of Management Information Systems"},{"issue":"4","key":"10606_CR17","doi-asserted-by":"publisher","first-page":"391","DOI":"10.1111\/j.1365-2575.2007.00289.x","volume":"19","author":"T Dinev","year":"2009","unstructured":"Dinev, T., Goo, J., Hu, Q., & Nam, K. (2009). User behavior towards protective information technologies: The role of National cultural differences. Information Systems Journal, 19(4), 391\u2013412. https:\/\/doi.org\/10.1111\/j.1365-2575.2007.00289.x","journal-title":"Information Systems Journal"},{"issue":"4","key":"10606_CR19","doi-asserted-by":"publisher","first-page":"21","DOI":"10.4018\/irmj.2005100102","volume":"18","author":"NF Doherty","year":"2005","unstructured":"Doherty, N. F., & Fulford, H. (2005). Do information security policies reduce the incidence of security breaches: An exploratory analysis. Information Resources Management Journal, 18(4), 21\u201339.","journal-title":"Information Resources Management Journal"},{"issue":"6","key":"10606_CR18","doi-asserted-by":"publisher","first-page":"449","DOI":"10.1016\/j.ijinfomgt.2009.05.003","volume":"29","author":"NF Doherty","year":"2009","unstructured":"Doherty, N. F., Anastasakis, L., & Fulford, H. (2009). The information security policy unpacked: A critical study of the content of university policies. International Journal of Information Management, 29(6), 449\u2013457.","journal-title":"International Journal of Information Management"},{"key":"10606_CR20","doi-asserted-by":"publisher","unstructured":"Farshadkhah, S., Van Slyke, C., & Fuller, B. (2021). Onlooker effect and affective responses in information security violation mitigation. Computers & Security, 100(-), 1\u201316. 
https:\/\/doi.org\/10.1016\/j.cose.2020.102082","DOI":"10.1016\/j.cose.2020.102082"},{"issue":"11","key":"10606_CR21","doi-asserted-by":"publisher","first-page":"1650","DOI":"10.17705\/1jais.00581","volume":"20","author":"G Feng","year":"2019","unstructured":"Feng, G., Zhu, J., Wang, N., & Liang, H. (2019). How paternalistic leadership influences IT security policy compliance: The mediating role of the social bond. Journal of the Association for Information Systems, 20(11), 1650\u20131691. https:\/\/doi.org\/10.17705\/1jais.00581","journal-title":"Journal of the Association for Information Systems"},{"key":"10606_CR22","doi-asserted-by":"crossref","unstructured":"Flowerday, S. V., & Tuyikeze, T. (2016). Information security policy development and implementation: The what, how and who. Computers & Security, 61(-), 169\u2013183.","DOI":"10.1016\/j.cose.2016.06.002"},{"issue":"4","key":"10606_CR23","doi-asserted-by":"publisher","first-page":"281","DOI":"10.1016\/j.jsis.2010.10.002","volume":"19","author":"S Goel","year":"2010","unstructured":"Goel, S., & Chengalur-Smith, I. N. (2010). Metrics for characterizing the form of security policies. Journal of Strategic Information Systems, 19(4), 281\u2013295.","journal-title":"Journal of Strategic Information Systems"},{"issue":"4","key":"10606_CR24","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.im.2021.103447","volume":"58","author":"S Goel","year":"2021","unstructured":"Goel, S., Williams, K. J., Huang, J., & Warkentin, M. (2021). Can financial incentives help with the struggle for security policy compliance? Information & Management, 58(4), 1\u201312. https:\/\/doi.org\/10.1016\/j.im.2021.103447","journal-title":"Information & Management"},{"issue":"4","key":"10606_CR25","doi-asserted-by":"publisher","first-page":"286","DOI":"10.1109\/TPC.2014.2374011","volume":"57","author":"J Goo","year":"2014","unstructured":"Goo, J., Yim, M. S., & Kim, D. J. (2014). 
A path to successful management of employee security compliance: An empirical study of information security climate. IEEE Transactions on Professional Communication, 57(4), 286\u2013308. https:\/\/doi.org\/10.1109\/TPC.2014.2374011","journal-title":"IEEE Transactions on Professional Communication"},{"issue":"2","key":"10606_CR26","doi-asserted-by":"publisher","first-page":"268","DOI":"10.17705\/1jais.00601","volume":"21","author":"V Grover","year":"2020","unstructured":"Grover, V., Lindberg, A., Benbasat, I., & Lyytinen, K. (2020). The perils and promises of big data research in information systems. Journal of the Association for Information Systems, 21(2), 268\u2013291.","journal-title":"Journal of the Association for Information Systems"},{"issue":"2","key":"10606_CR27","doi-asserted-by":"publisher","first-page":"220","DOI":"10.1111\/isj.12257","volume":"30","author":"KL Gwebu","year":"2020","unstructured":"Gwebu, K. L., Wang, J., & Hu, M. Y. (2020). Information security policy noncompliance: An integrative social influence model. Information Systems Journal, 30(2), 220\u2013269. https:\/\/doi.org\/10.1111\/isj.12257","journal-title":"Information Systems Journal"},{"issue":"3","key":"10606_CR28","doi-asserted-by":"publisher","first-page":"257","DOI":"10.2307\/249656","volume":"20","author":"SJ Harrington","year":"1996","unstructured":"Harrington, S. J. (1996). The effect of codes of ethics and personal denial of responsibility on computer abuse judgements and intentions. MIS Quarterly, 20(3), 257\u2013278. https:\/\/doi.org\/10.2307\/249656","journal-title":"MIS Quarterly"},{"issue":"2","key":"10606_CR29","doi-asserted-by":"publisher","first-page":"106","DOI":"10.1057\/ejis.2009.6","volume":"18","author":"T Herath","year":"2009","unstructured":"Herath, T., & Rao, H. R. (2009). Protection motivation and deterrence: A framework for security policy compliance in organisations. European Journal of Information Systems, 18(2), 106\u2013125. 
https:\/\/doi.org\/10.1057\/ejis.2009.6","journal-title":"European Journal of Information Systems"},{"issue":"6","key":"10606_CR30","doi-asserted-by":"publisher","first-page":"1135","DOI":"10.1108\/ITP-10-2017-0322","volume":"31","author":"T Herath","year":"2018","unstructured":"Herath, T., Yim, M. S., D\u2019Arcy, J., Nam, K., & Rao, H. R. (2018). Examining employee security violations: Moral disengagement and its environmental influences. Information Technology & People, 31(6), 1135\u20131162. https:\/\/doi.org\/10.1108\/ITP-10-2017-0322","journal-title":"Information Technology & People"},{"key":"10606_CR31","doi-asserted-by":"publisher","unstructured":"Hina, S., Selvam, D. D. D. P., & Lowry, P. B. (2019). Institutional governance and protection motivation: Theoretical insights into shaping employees\u2019 security compliance behavior in higher education institutions in the developing world. Computers & Security, 87(-), 1\u201315. https:\/\/doi.org\/10.1016\/j.cose.2019.101594","DOI":"10.1016\/j.cose.2019.101594"},{"issue":"2","key":"10606_CR32","doi-asserted-by":"publisher","first-page":"154","DOI":"10.1080\/0960085X.2021.1908184","volume":"32","author":"A Hovav","year":"2023","unstructured":"Hovav, A., Gnizy, I., & Han, J. (2023). The effects of cyber regulations and security policies on organizational outcomes: A knowledge management perspective. European Journal of Information Systems, 32(2), 154\u2013172.","journal-title":"European Journal of Information Systems"},{"key":"10606_CR33","doi-asserted-by":"crossref","unstructured":"Howard, P. D. (2003). The security policy life cycle: Functions and responsibilities. In H. F. Tipton, & M. Krause (Eds.), Information security management handbook (pp. 297\u2013311). Auerbach.","DOI":"10.1201\/9781420072419.ch19"},{"issue":"2","key":"10606_CR34","doi-asserted-by":"publisher","first-page":"282","DOI":"10.1287\/isre.2015.0569","volume":"26","author":"JSC Hsu","year":"2015","unstructured":"Hsu, J. S. C., Shih, S. 
P., Hung, Y. W., & Lowry, P. B. (2015). The role of extra-role behaviors and social controls in information security policy effectiveness. Information Systems Research, 26(2), 282\u2013300. https:\/\/doi.org\/10.1287\/isre.2015.0569","journal-title":"Information Systems Research"},{"issue":"1","key":"10606_CR35","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1108\/OIR-11-2015-0358","volume":"41","author":"I Hwang","year":"2017","unstructured":"Hwang, I., Kim, D., Kim, T., & Kim, S. (2017). Why not comply with information security? An empirical approach for the causes of non-compliance. Online Information Review, 41(1), 2\u201318. https:\/\/doi.org\/10.1108\/OIR-11-2015-0358","journal-title":"Online Information Review"},{"issue":"4","key":"10606_CR36","doi-asserted-by":"publisher","first-page":"345","DOI":"10.1080\/08874417.2019.1650676","volume":"61","author":"I Hwang","year":"2021","unstructured":"Hwang, I., Wakefield, R., Kim, S., & Kim, T. (2021). Security awareness: The first step in information security compliance behavior. Journal of Computer Information Systems, 61(4), 345\u2013356. https:\/\/doi.org\/10.1080\/08874417.2019.1650676","journal-title":"Journal of Computer Information Systems"},{"key":"10606_CR37","unstructured":"IBM Security (2023). IBM X-Force threat intelligence report 2023. https:\/\/www.ibm.com\/reports\/threat-intelligence"},{"issue":"3","key":"10606_CR38","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.im.2020.103318","volume":"58","author":"L Jaeger","year":"2021","unstructured":"Jaeger, L., Eckhardt, A., & Kroenung, J. (2021). The role of deterrability for the effect of multi-level sanctions on information security policy compliance: Results of a multigroup analysis. Information & Management, 58(3), 1\u201314. https:\/\/doi.org\/10.1016\/j.im.2020.103318","journal-title":"Information & Management"},{"key":"10606_CR39","unstructured":"Jenkins, J. L., & Durcikova, A. (2013). 
What, I shouldn\u2019t have done that? The influence of training and just-in-time reminders on secure behavior. Thirty-Fourth International Conference on Information Systems, Milan, Italy."},{"issue":"1","key":"10606_CR40","doi-asserted-by":"publisher","first-page":"246","DOI":"10.17705\/1jais.00660","volume":"22","author":"JL Jenkins","year":"2021","unstructured":"Jenkins, J. L., Durcikova, A., & NunamakerJr., J. F. (2021). Mitigating the security intention-behavior Gap: The moderating role of required effort on the intention-behavior relationship. Journal of the Association for Information Systems, 22(1), 246\u2013272. https:\/\/doi.org\/10.17705\/1jais.00660","journal-title":"Journal of the Association for Information Systems"},{"issue":"2","key":"10606_CR41","doi-asserted-by":"publisher","first-page":"599","DOI":"10.1108\/ITP-05-2018-0256","volume":"34","author":"S Jeon","year":"2020","unstructured":"Jeon, S., Son, I., & Han, J. (2020). Exploring the role of intrinsic motivation in ISSP compliance: Enterprise digital rights management system case. Information Technology & People, 34(2), 599\u2013616. https:\/\/doi.org\/10.1108\/ITP-05-2018-0256","journal-title":"Information Technology & People"},{"key":"10606_CR42","doi-asserted-by":"crossref","unstructured":"Jeske, D., & van Schaik, P. (2017). Familiarity with internet threats: Beyond awareness. Computers & Security, 66(-), 129\u2013141.","DOI":"10.1016\/j.cose.2017.01.010"},{"issue":"3","key":"10606_CR43","doi-asserted-by":"publisher","first-page":"549","DOI":"10.2307\/25750691","volume":"34","author":"AC Johnston","year":"2010","unstructured":"Johnston, A. C., & Warkentin, M. (2010). Fear appeals and information security behaviors: An empirical study. MIS Quarterly, 34(3), 549\u2013566. https:\/\/doi.org\/10.2307\/25750691","journal-title":"MIS Quarterly"},{"key":"10606_CR44","doi-asserted-by":"crossref","unstructured":"Karlsson, F., Hedstr\u00f6m, K., & Goldkuhl, G. (2017). 
Practice-based discourse analysis of information security policies. Computers & Security, 67(-), 267\u2013279.","DOI":"10.1016\/j.cose.2016.12.012"},{"key":"10606_CR45","unstructured":"Kaspersky Lab (2018). Kaspersky lab survey: One-in-ten employees are aware of their organization\u2019s IT security policies. Retrieved October 24, 2021 from https:\/\/usa.kaspersky.com\/about\/press-releases\/2018_one-in-ten-employees-are-aware-of-their-organizations-it-security-policies"},{"issue":"1","key":"10606_CR46","doi-asserted-by":"publisher","first-page":"285","DOI":"10.25300\/MISQ\/2018\/13853","volume":"42","author":"GD Moody","year":"2018","unstructured":"Moody, G. D., Siponen, M., & Pahnila, S. (2018). Toward a unified model of information security policy compliance. MIS Quarterly, 42(1), 285\u2013331. https:\/\/doi.org\/10.25300\/MISQ\/2018\/13853","journal-title":"MIS Quarterly"},{"issue":"2","key":"10606_CR47","doi-asserted-by":"publisher","first-page":"238","DOI":"10.1080\/0960085X.2021.1931494","volume":"32","author":"C Nguyen","year":"2023","unstructured":"Nguyen, C., Jensen, M., & Day, E. (2023). Learning not to take the bait: A longitudinal examination of digital training methods and overlearning on phishing susceptibility. European Journal of Information Systems, 32(2), 238\u2013262.","journal-title":"European Journal of Information Systems"},{"key":"10606_CR48","unstructured":"NIST (2017). An introduction to information security. https:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800-12r1.pdf"},{"issue":"12","key":"10606_CR49","doi-asserted-by":"publisher","first-page":"1794","DOI":"10.17705\/1jais.00586","volume":"20","author":"D Ormond","year":"2019","unstructured":"Ormond, D., Warkentin, M., & Crossler, R. E. (2019). Integrating cognition with an affective lens to better understand information security policy compliance. Journal for the Association for Information Systems, 20(12), 1794\u20131843. 
https:\/\/doi.org\/10.17705\/1jais.00586","journal-title":"Journal for the Association for Information Systems"},{"key":"10606_CR50","doi-asserted-by":"crossref","unstructured":"Paananen, H., Lapke, M., & Siponen, M. (2020). State of the Art in information security policy development. Computers & Security, 88(-), 1\u201314.","DOI":"10.1016\/j.cose.2019.101608"},{"issue":"4","key":"10606_CR51","doi-asserted-by":"publisher","first-page":"757","DOI":"10.2307\/25750704","volume":"34","author":"P Puhakainen","year":"2010","unstructured":"Puhakainen, P., & Siponen, M. (2010). Improving employees\u2019 compliance through information systems security training: An action research study. MIS Quarterly, 34(4), 757\u2013778. https:\/\/doi.org\/10.2307\/25750704","journal-title":"MIS Quarterly"},{"key":"10606_CR52","doi-asserted-by":"publisher","unstructured":"Rajab, M., & Eydgahi, A. (2019). Evaluating the explanatory power of theoretical frameworks on intention to comply with information security policies in higher education. Computers & Security, 80(-), 211\u2013223. https:\/\/doi.org\/10.1016\/j.cose.2018.09.016","DOI":"10.1016\/j.cose.2018.09.016"},{"key":"10606_CR53","unstructured":"Santos, O. (2019). Developing cybersecurity programs and policies. Pearson."},{"issue":"4","key":"10606_CR54","doi-asserted-by":"publisher","first-page":"1240","DOI":"10.1287\/isre.2020.0941","volume":"31","author":"S Sarkar","year":"2020","unstructured":"Sarkar, S., Vance, A., Ramesh, B., Demestihas, M., & Wu, D. T. (2020). The influence of professional subculture on information security policy violations: A field study in a healthcare context. Information Systems Research, 31(4), 1240\u20131259. https:\/\/doi.org\/10.1287\/isre.2020.0941","journal-title":"Information Systems Research"},{"issue":"6","key":"10606_CR55","doi-asserted-by":"publisher","first-page":"571","DOI":"10.1080\/08874417.2020.1845584","volume":"61","author":"FN Shadbad","year":"2021","unstructured":"Shadbad, F. 
N., & Biros, D. (2021). Understanding employee information security policy compliance from role theory perspective. Journal of Computer Information Systems, 61(6), 571\u2013580. https:\/\/doi.org\/10.1080\/08874417.2020.1845584","journal-title":"Journal of Computer Information Systems"},{"issue":"6","key":"10606_CR56","doi-asserted-by":"publisher","first-page":"539550","DOI":"10.1080\/08874417.2020.1812134","volume":"61","author":"H Shahbaznezhad","year":"2021","unstructured":"Shahbaznezhad, H., Kolini, F., & Rashidirad, M. (2021). Employees\u2019 behavior in phishing attacks: What individual, organizational, and technological factors matter? Journal of Computer Information Systems, 61(6), 539550. https:\/\/doi.org\/10.1080\/08874417.2020.1812134","journal-title":"Journal of Computer Information Systems"},{"key":"10606_CR57","doi-asserted-by":"publisher","unstructured":"Sharma, S., & Warkentin, M. (2019). Do I really belong? Impact of employment status on information security policy compliance. Computers & Security, 87(-), 1\u201312. https:\/\/doi.org\/10.1016\/j.cose.2018.09.005","DOI":"10.1016\/j.cose.2018.09.005"},{"issue":"1","key":"10606_CR58","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1080\/07421222.2019.1705512","volume":"37","author":"M Silic","year":"2020","unstructured":"Silic, M., & Lowry, P. B. (2020). Using design-science based gamification to improve organizational security training and compliance. Journal of Management Information Systems, 37(1), 129\u2013161. https:\/\/doi.org\/10.1080\/07421222.2019.1705512","journal-title":"Journal of Management Information Systems"},{"issue":"3","key":"10606_CR59","doi-asserted-by":"publisher","first-page":"487","DOI":"10.2307\/25750688","volume":"34","author":"M Siponen","year":"2010","unstructured":"Siponen, M., & Vance, A. (2010). Neutralization: New insights into the problem of employee information systems security policy violations. MIS Quarterly, 34(3), 487\u2013502. 
https:\/\/doi.org\/10.2307\/25750688","journal-title":"MIS Quarterly"},{"issue":"3","key":"10606_CR60","doi-asserted-by":"publisher","first-page":"289","DOI":"10.1057\/ejis.2012.59","volume":"23","author":"M Siponen","year":"2014","unstructured":"Siponen, M., & Vance, A. (2014). Guidelines for improving the contextual relevance of field surveys: The case of information security policy violations. European Journal of Information Systems, 23(3), 289\u2013305.","journal-title":"European Journal of Information Systems"},{"issue":"1","key":"10606_CR61","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1111\/j.1365-2575.2011.00378.x","volume":"22","author":"BC Stahl","year":"2012","unstructured":"Stahl, B. C., Doherty, N. F., & Shaw, M. (2012). Information security policies in the UK healthcare sector: A critical evaluation. Information Systems Journal, 22(1), 77\u201394.","journal-title":"Information Systems Journal"},{"issue":"3","key":"10606_CR62","doi-asserted-by":"publisher","first-page":"255","DOI":"10.1287\/isre.1.3.255","volume":"1","author":"DW Straub","year":"1990","unstructured":"Straub, D. W. (1990). Effective IS security: An empirical study. Information Systems Research, 1(3), 255\u2013276. https:\/\/doi.org\/10.1287\/isre.1.3.255","journal-title":"Information Systems Research"},{"issue":"1","key":"10606_CR63","doi-asserted-by":"publisher","first-page":"45","DOI":"10.2307\/249307","volume":"14","author":"DW Straub","year":"1990","unstructured":"Straub, D. W., & Nance, W. D. (1990). Discovering and disciplining computer abuse in organizations: A field study. MIS Quarterly, 14(1), 45\u201362.","journal-title":"MIS Quarterly"},{"key":"10606_CR64","doi-asserted-by":"publisher","unstructured":"Trang, S., & Nastjuk, I. (2021). Examining the role of stress and information security policy design in information security compliance behavior: An experimental study of in-task behavior. Computers & Security, 104(-), 1\u201315. 
https:\/\/doi.org\/10.1016\/j.cose.2021.102222","DOI":"10.1016\/j.cose.2021.102222"},{"issue":"10","key":"10606_CR65","doi-asserted-by":"publisher","first-page":"679","DOI":"10.17705\/1jais.00375","volume":"15","author":"A Vance","year":"2014","unstructured":"Vance, A., Anderson, B. B., Kirwan, C. B., & Eargle, D. (2014). Using measures of risk perception to predict information security behavior: Insights from electroencephalography (eeg). Journal of the Association for Information Systems, 15(10), 679\u2013722. https:\/\/doi.org\/10.17705\/1jais.00375","journal-title":"Journal of the Association for Information Systems"},{"key":"10606_CR66","unstructured":"Verizon (2023). 2023 data breach investigations report. Verizon. https:\/\/www.verizon.com\/business\/resources\/reports\/dbir"},{"issue":"4","key":"10606_CR67","doi-asserted-by":"publisher","first-page":"356","DOI":"10.1016\/S0167-4048(02)00414-5","volume":"21","author":"P Ward","year":"2002","unstructured":"Ward, P., & Smith, C. L. (2002). The development of access control policies for information technology systems. Computers & Security, 21(4), 356\u2013371.","journal-title":"Computers & Security"},{"key":"10606_CR68","unstructured":"Weber, S. (2022). Compete to communicate on cybersecurity. Infosecurity Magaize. Retrieved May 19, 2022 from https:\/\/www.infosecurity-magazine.com\/opinions\/compete-to-communicate\/"},{"key":"10606_CR69","unstructured":"Whitman, M. E. (2008). Security policy: From design to maintenance. In D. W. Straub, S. E. Goodman, & R. Baskerville (Eds.), Information security: Policy, processes, and practices (pp. 123\u2013151). M. E. Sharpe."},{"issue":"6","key":"10606_CR70","doi-asserted-by":"publisher","first-page":"448","DOI":"10.1016\/j.cose.2005.03.008","volume":"24","author":"TL Wiant","year":"2005","unstructured":"Wiant, T. L. (2005). Information security policy\u2019s impact on reporting security incidents. 
Computers & Security, 24(6), 448\u2013459.","journal-title":"Computers & Security"},{"key":"10606_CR71","doi-asserted-by":"publisher","DOI":"10.1080\/0960085X.2021.1980444","author":"A Yazdanmehr","year":"2021","unstructured":"Yazdanmehr, A., & Wang, J. (2021). Can peers help reduce violations of information security policies? The role of peer monitoring. European Journal of Information Systems Forthcoming. https:\/\/doi.org\/10.1080\/0960085X.2021.1980444","journal-title":"European Journal of Information Systems Forthcoming"},{"issue":"5","key":"10606_CR72","doi-asserted-by":"publisher","first-page":"791","DOI":"10.1111\/isj.12271","volume":"30","author":"A Yazdanmehr","year":"2020","unstructured":"Yazdanmehr, A., Wang, J., & Yang, Z. (2020). Peers matter: The moderating role of social influence on information security policy compliance. Information Systems Journal, 30(5), 791\u2013844. https:\/\/doi.org\/10.1111\/isj.12271","journal-title":"Information Systems Journal"},{"key":"10606_CR73","doi-asserted-by":"publisher","unstructured":"Yoo, C. W., Sanders, G. L., & Cerveny, R. P. (2018). Exploring the influence of flow and psychological ownership on security education, training and awareness effectiveness and security compliance. Decision Support Systems, 108(-), 107\u2013118. 
https:\/\/doi.org\/10.1016\/j.dss.2018.02.009","DOI":"10.1016\/j.dss.2018.02.009"}],"container-title":["Information Systems Frontiers"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-025-10606-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10796-025-10606-1","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10796-025-10606-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,5,25]],"date-time":"2026-05-25T06:37:46Z","timestamp":1779691066000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10796-025-10606-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,4,28]]},"references-count":73,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2026,4]]}},"alternative-id":["10606"],"URL":"https:\/\/doi.org\/10.1007\/s10796-025-10606-1","relation":{},"ISSN":["1387-3326","1572-9419"],"issn-type":[{"value":"1387-3326","type":"print"},{"value":"1572-9419","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,4,28]]},"assertion":[{"value":"7 April 2025","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"28 April 2025","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"Not applicable.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethics Approval and Consent to Participate"}},{"value":"Not applicable.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Consent for 
Publication"}},{"value":"The authors have no relevant financial or non-financial interests to disclose.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing Interests"}}]}}