{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,28]],"date-time":"2026-06-28T10:39:31Z","timestamp":1782643171206,"version":"3.54.5"},"reference-count":35,"publisher":"Emerald","issue":"1","license":[{"start":{"date-parts":[[2021,8,9]],"date-time":"2021-08-09T00:00:00Z","timestamp":1628467200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2022,1,31]]},"abstract":"<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title>\n<jats:p>To help reduce the increasing number of information security breaches that are caused by insiders, past research has examined employee non-compliance with information security policy. However, existent studies have observed mixed results, which suggest that an interaction is likely to exist among the variables that explain employee non-compliance. In an effort to provide evidence for this possibility, this paper aims to better explain why employees routinely engage in non-compliant behaviors by examining the direct and interactive effects of employees\u2019 perceived costs and rewards of compliance and non-compliance on their routinized non-compliant behaviors.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title>\n<jats:p>Based on rational choice theory, this study used 16 hypothetical scenarios in an experimental survey, collecting data from 326 respondents and analyzing them via structural equation modeling and a four-way factorial experiment.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Findings<\/jats:title>\n<jats:p>The results suggest that routinized non-compliance of employees is more strongly influenced by the rewards than the costs they perceive in their non-compliance. Further, employees\u2019 routinized non-compliance behavior was found to be positively influenced by an interactive effect of perceived rewards of compliance when their perceptions of their non-compliance costs and rewards were both high and low.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title>\n<jats:p>This paper\u2019s key contribution is to suggest that non-compliance behavior is influenced by direct and interactive effects of perceived rewards of compliance and non-compliance.<\/jats:p>\n<\/jats:sec>","DOI":"10.1108\/ics-01-2021-0008","type":"journal-article","created":{"date-parts":[[2021,8,5]],"date-time":"2021-08-05T06:59:47Z","timestamp":1628146787000},"page":"97-116","source":"Crossref","is-referenced-by-count":12,"title":["How different rewards tend to influence employee non-compliance with information security policies"],"prefix":"10.1108","volume":"30","author":[{"given":"Rima","family":"Khatib","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Henri","family":"Barki","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"140","published-online":{"date-parts":[[2021,8,9]]},"reference":[{"issue":"2","key":"key2022012710484387700_ref001","doi-asserted-by":"crossref","first-page":"110","DOI":"10.1037\/1065-9293.59.2.110","article-title":"Effect of an intervention on replacing negative habits with positive routines for improving full engagement at work: a test of the disconnected values model","volume":"59","year":"2007","journal-title":"Consulting Psychology Journal: Practice and Research"},{"issue":"4","key":"key2022012710484387700_ref002","doi-asserted-by":"crossref","first-page":"453","DOI":"10.1177\/0959354302012004294","article-title":"Explaining routinized decision making: a review of theories and models","volume":"12","year":"2002","journal-title":"Theory and Psychology"},{"issue":"3","key":"key2022012710484387700_ref003","doi-asserted-by":"crossref","first-page":"523","DOI":"10.2307\/25750690","article-title":"Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness","volume":"34","year":"2010","journal-title":"MIS Quarterly"},{"issue":"2","key":"key2022012710484387700_ref004","doi-asserted-by":"crossref","first-page":"189","DOI":"10.1287\/isre.14.2.189.16018","article-title":"A partial least squares latent variable modeling approach for measuring interaction effects: results from a Monte Carlo simulation study and an electronic-mail emotion\/adoption study","volume":"14","year":"2003","journal-title":"Information Systems Research"},{"issue":"1","key":"key2022012710484387700_ref005","doi-asserted-by":"crossref","first-page":"179","DOI":"10.2307\/25148833","article-title":"The relative advantage of electronic channels: a multidimensional view","volume":"32","year":"2008","journal-title":"MIS Quarterly"},{"issue":"S1","key":"key2022012710484387700_ref006","doi-asserted-by":"crossref","first-page":"59","DOI":"10.1007\/s10551-008-9909-7","article-title":"Does one size fit all? Examining the differential effects of is security countermeasures","volume":"89","year":"2009","journal-title":"Journal of Business Ethics"},{"issue":"1","key":"key2022012710484387700_ref007","doi-asserted-by":"crossref","first-page":"79","DOI":"10.1287\/isre.1070.0160","article-title":"User awareness of security countermeasures and its impact on information systems misuse: a deterrence approach","volume":"20","year":"2009","journal-title":"Information Systems Research"},{"issue":"2","key":"key2022012710484387700_ref008","doi-asserted-by":"crossref","first-page":"106","DOI":"10.1057\/ejis.2009.6","article-title":"Protection motivation and deterrence: a framework for security policy compliance in organizations","volume":"18","year":"2009","journal-title":"European Journal of Information Systems"},{"key":"key2022012710484387700_ref009","unstructured":"Herjavec (2019), \u201c2019 Official annual crime report\u201d, Cybersecurity ventures, Herjavec group."},{"key":"key2022012710484387700_ref010","volume-title":"The Motivation to Work","year":"1959","edition":"2nd ed."},{"issue":"1","key":"key2022012710484387700_ref011","doi-asserted-by":"crossref","first-page":"2","DOI":"10.1108\/OIR-11-2015-0358","article-title":"Why not comply with information security? An empirical approach for the causes of non-compliance","volume":"41","year":"2017","journal-title":"Online Information Review"},{"key":"key2022012710484387700_ref012","doi-asserted-by":"crossref","unstructured":"IBM security (2019), \u201cCost of a data breach report\u201d, Ponemon Institute.","DOI":"10.1016\/S1361-3723(19)30081-8"},{"issue":"3","key":"key2022012710484387700_ref013","doi-asserted-by":"crossref","first-page":"549","DOI":"10.2307\/25750691","article-title":"Fear appeals and information security behaviors: an empirical study","volume":"34","year":"2010","journal-title":"MIS Quarterly"},{"issue":"4","key":"key2022012710484387700_ref014","first-page":"1","article-title":"Habits in organizational contexts: information systems routines, cues, and rewards","volume":"37","year":"2020","journal-title":"Canadian Journal of Administrative Sciences"},{"issue":"4","key":"key2022012710484387700_ref015","doi-asserted-by":"crossref","first-page":"485","DOI":"10.1108\/ICS-11-2018-0128","article-title":"An activity theory approach to information security non-compliance","volume":"28","year":"2020","journal-title":"Information and Computer Security"},{"issue":"3","key":"key2022012710484387700_ref016","first-page":"479","article-title":"What influences information security behavior? A study with Brazilian users","volume":"13","year":"2016","journal-title":"Journal of Information Systems and Technology Management"},{"issue":"4","key":"key2022012710484387700_ref017","doi-asserted-by":"crossref","first-page":"811","DOI":"10.1111\/j.1468-232X.2012.00702.x","article-title":"What makes workers happy? Anticipated rewards and job satisfaction","volume":"51","year":"2012","journal-title":"Industrial Relations: A Journal of Economy and Society"},{"issue":"1","key":"key2022012710484387700_ref018","doi-asserted-by":"crossref","first-page":"417","DOI":"10.1146\/annurev.soc.28.110601.140752","article-title":"New economics of sociological criminology","volume":"28","year":"2002","journal-title":"Annual Review of Sociology"},{"issue":"1","key":"key2022012710484387700_ref019","doi-asserted-by":"crossref","first-page":"56","DOI":"10.1108\/03090569410049181","article-title":"A preliminary investigation into pre- and post-purchase risk perception and reduction","volume":"28","year":"1994","journal-title":"European Journal of Marketing"},{"issue":"3","key":"key2022012710484387700_ref020","doi-asserted-by":"crossref","first-page":"365","DOI":"10.1111\/j.1533-8525.1985.tb00233.x","article-title":"The relative importance of intrinsic and extrinsic rewards as determinants of work satisfaction","volume":"26","year":"1985","journal-title":"Sociological Quarterly"},{"issue":"2","key":"key2022012710484387700_ref021","doi-asserted-by":"crossref","first-page":"126","DOI":"10.1057\/ejis.2009.10","article-title":"What levels of moral reasoning and values explain adherence to information security rules? An empirical study","volume":"18","year":"2009","journal-title":"European Journal of Information Systems"},{"issue":"4","key":"key2022012710484387700_ref022","first-page":"375","article-title":"A review of the empirical ethical decision-making literature: 1996-2003","volume":"59","year":"2005","journal-title":"Journal of Business Ethics"},{"issue":"2","key":"key2022012710484387700_ref023","doi-asserted-by":"crossref","first-page":"103","DOI":"10.1007\/s10940-009-9065-y","article-title":"Rational choice, agency and thoughtfully reflective decision making: the short and long-term consequences of making good choices","volume":"25","year":"2009","journal-title":"Journal of Quantitative Criminology"},{"issue":"4","key":"key2022012710484387700_ref024","doi-asserted-by":"crossref","first-page":"623","DOI":"10.2307\/25148814","article-title":"Specifying formative constructs in information systems research","volume":"31","year":"2007","journal-title":"MIS Quarterly"},{"issue":"2","key":"key2022012710484387700_ref025","doi-asserted-by":"crossref","first-page":"319","DOI":"10.1111\/j.1745-9125.1999.tb00488.x","article-title":"An empirical test of Tittle\u2019s control balance theory","volume":"37","year":"1999","journal-title":"Criminology"},{"issue":"5","key":"key2022012710484387700_ref026","doi-asserted-by":"crossref","first-page":"879","DOI":"10.1037\/0021-9010.88.5.879","article-title":"Common method biases in behavioral research: a critical review of the literature and recommended remedies","volume":"88","year":"2003","journal-title":"Journal of Applied Psychology"},{"issue":"1","key":"key2022012710484387700_ref027","doi-asserted-by":"crossref","first-page":"221","DOI":"10.25300\/MISQ\/2013\/37.1.10","article-title":"The embeddedness of information systems habits in organizational and individual level routines: development and disruption","volume":"37","year":"2013","journal-title":"MIS Quarterly"},{"issue":"3","key":"key2022012710484387700_ref028","doi-asserted-by":"crossref","first-page":"487","DOI":"10.2307\/25750688","article-title":"Neutralization: new insights into the problem of employee information systems security policy violations","volume":"34","year":"2010","journal-title":"MIS Quarterly"},{"issue":"1","key":"key2022012710484387700_ref029","doi-asserted-by":"crossref","first-page":"42","DOI":"10.1108\/IMCS-08-2012-0045","article-title":"Variables influencing information security policy compliance: a systematic review of quantitative studies","volume":"22","year":"2014","journal-title":"Information Management and Computer Security"},{"issue":"2","key":"key2022012710484387700_ref030","doi-asserted-by":"crossref","first-page":"121","DOI":"10.2307\/3857567","article-title":"Experimental approaches to studying ethical-unethical behavior in organizations","volume":"2","year":"1992","journal-title":"Business Ethics Quarterly"},{"issue":"3\/4","key":"key2022012710484387700_ref031","first-page":"190","article-title":"Motivating is security compliance: insights from habit and protection motivation theory","volume":"49","year":"2012","journal-title":"Information and Management"},{"issue":"4","key":"key2022012710484387700_ref032","doi-asserted-by":"crossref","first-page":"103212","DOI":"10.1016\/j.im.2019.103212","article-title":"Effects of sanctions, moral beliefs, and neutralization on information security policy violations across cultures","volume":"57","year":"2020","journal-title":"Information and Management"},{"issue":"5\/6","key":"key2022012710484387700_ref033","first-page":"591","article-title":"Good intentions, bad habits, and effects of forming implementation intentions on healthy eating","volume":"29","year":"1999","journal-title":"European Journal of Social Psychology"},{"key":"key2022012710484387700_ref034","volume-title":"Analysis of Variance and Functional Measurement: A Practical Guide","year":"2006"},{"issue":"4","key":"key2022012710484387700_ref035","doi-asserted-by":"crossref","first-page":"402","DOI":"10.1108\/ICS-02-2016-0017","article-title":"Workarounds and trade-offs in information security \u2013 an exploratory study","volume":"25","year":"2017","journal-title":"Information and Computer Security"}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-01-2021-0008\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-01-2021-0008\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:22:38Z","timestamp":1753406558000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/30\/1\/97-116\/104701"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,8,9]]},"references-count":35,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2021,8,9]]},"published-print":{"date-parts":[[2022,1,31]]}},"alternative-id":["10.1108\/ICS-01-2021-0008"],"URL":"https:\/\/doi.org\/10.1108\/ics-01-2021-0008","relation":{},"ISSN":["2056-4961","2056-4961"],"issn-type":[{"value":"2056-4961","type":"print"},{"value":"2056-4961","type":"print"}],"subject":[],"published":{"date-parts":[[2021,8,9]]}}}