{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,19]],"date-time":"2026-04-19T05:51:48Z","timestamp":1776577908346,"version":"3.51.2"},"reference-count":56,"publisher":"Emerald","issue":"3","license":[{"start":{"date-parts":[[2019,9,30]],"date-time":"2019-09-30T00:00:00Z","timestamp":1569801600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2019,9,30]]},"abstract":"<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title>\n<jats:p>The purpose of this study is to use a developed and pre-tested scenario-based measurement instrument for policy compliance and determine whether policy compliance measurements in the current policy compliance research are biased as has been postulated during a pre-study. The expected biases are because of social desirability and because of biases based on identity theory.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title>\n<jats:p>A survey was conducted (n\u2009=\u200954) that used policy compliance scales from literature and the developed self-reporting policy compliance (SRPC) scale, along with the Marlow\u2013Crowne social desirability (MC-SDB) scale. Differences between the policy compliance scales were assessed. Moreover, a transformation of the SRPC measurements into the literature-based scales was examined using pair-wise t-testing. Finally, correlations between the MC-SDB and the policy compliance scales were examined.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Findings<\/jats:title>\n<jats:p>There are no significant influences on the desire for social approval of the respondents as was exhibited by the MC-SDB values and policy compliance on either scale. However, the SRPC scale measurements show deviations from the literature-based policy compliance scales. Individuals that exhibit secure behaviour, which is not rooted in a policy but rather in anything but the policy, are also captured as being policy compliant in the current scales. This shows that a response bias exists in current scales. Respondents, who perceive to exhibit secure behaviours, may think that they are in compliance with the policy, even when they are not.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Practical implications<\/jats:title>\n<jats:p>These findings mean that several contributions in the field of policy compliance must be questioned and that a revisit of several factors influencing policy compliance may be required.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title>\n<jats:p>To the best of the authors\u2019 knowledge, response biases in policy compliance research have not been considered to date.<\/jats:p>\n<\/jats:sec>","DOI":"10.1108\/ics-02-2019-0025","type":"journal-article","created":{"date-parts":[[2019,10,4]],"date-time":"2019-10-04T07:10:37Z","timestamp":1570173037000},"page":"445-465","source":"Crossref","is-referenced-by-count":9,"title":["Response biases in policy compliance research"],"prefix":"10.1108","volume":"28","author":[{"given":"Sebastian","family":"Kurowski","sequence":"first","affiliation":[]}],"member":"140","reference":[{"key":"key2020071513123933100_ref001","article-title":"Investigating continuous security compliance behaviour: insights from information systems continuance model","volume-title":"AMCIS 2016: Surfing the IT Innovation Wave - 22nd Americas Conference on Information Systems","year":"2016"},{"issue":"6","key":"key2020071513123933100_ref002","doi-asserted-by":"crossref","first-page":"476","DOI":"10.1016\/j.cose.2009.01.003","article-title":"The information security digital divide between information security managers and users","volume":"28","year":"2009","journal-title":"Computers and Security"},{"issue":"3","key":"key2020071513123933100_ref003","first-page":"1155","article-title":"Short forms of the Marlowe-Crowne social desirability scale","volume":"71","year":"1992","journal-title":"Psychological Reports"},{"key":"key2020071513123933100_ref004","article-title":"Interaction effect of gender and neutralization techniques on information security policy compliance: an ethical perspective","volume-title":"AMCIS 2016: Surfing the IT Innovation Wave - 22nd Americas Conference on Information Systems","year":"2016"},{"issue":"2","key":"key2020071513123933100_ref005","doi-asserted-by":"crossref","first-page":"141","DOI":"10.1177\/004912418101000205","article-title":"Snowball sampling: problems and techniques of chain referral sampling","volume":"10","year":"1981","journal-title":"Sociological Methods and Research"},{"issue":"4","key":"key2020071513123933100_ref006","doi-asserted-by":"crossref","first-page":"333","DOI":"10.1177\/0190272516628298","article-title":"Lies, damned lies, and survey self-reports? Identity as a cause of measurement bias","volume":"79","year":"2016","journal-title":"Social Psychology Quarterly"},{"issue":"2","key":"key2020071513123933100_ref007","doi-asserted-by":"crossref","first-page":"348","DOI":"10.1177\/0049124114558630","article-title":"Measurement directiveness as a cause of response bias: evidence from two survey experiments","volume":"45","year":"2016","journal-title":"Sociological Methods and Research"},{"issue":"3","key":"key2020071513123933100_ref008","doi-asserted-by":"crossref","first-page":"231","DOI":"10.1177\/0190272513518337","article-title":"The causal ordering of prominence and salience in identity theory: an empirical examination","volume":"77","year":"2014","journal-title":"Social Psychology Quarterly"},{"issue":"2","key":"key2020071513123933100_ref032","first-page":"231","article-title":"The accuracy of self-reported participation rates","volume":"2","year":"1983","journal-title":"Leis. Stud"},{"key":"key2020071513123933100_ref009","volume-title":"Studie: Industriespionage 2014 - Cybergeddon Der Deutschen Wirtschaft Durch NSA and Co","author":"Corporate Trust","year":"2014"},{"issue":"4","key":"key2020071513123933100_ref010","doi-asserted-by":"crossref","first-page":"349","DOI":"10.1037\/h0047358","article-title":"A new scale of social desirability independent of psychopathology","volume":"24","year":"1960","journal-title":"Journal of Consulting Psychology"},{"issue":"10","key":"key2020071513123933100_ref011","first-page":"11","article-title":"Exploring the influence of national cultures on Non-Compliance behaviour","volume":"3","year":"2010","journal-title":"Communications of the IIMA"},{"issue":"2","key":"key2020071513123933100_ref012","doi-asserted-by":"crossref","first-page":"243","DOI":"10.1177\/1470595806066332","article-title":"Response styles in cross-national survey research a 26-country study","volume":"6","year":"2006","journal-title":"International Journal of Cross Cultural Management"},{"key":"key2020071513123933100_ref013","article-title":"Cultures and organizations: software of the mind","volume-title":"Rev. and Expanded","year":"2005","edition":"2nd ed"},{"issue":"3","key":"key2020071513123933100_ref014","doi-asserted-by":"crossref","first-page":"231","DOI":"10.1057\/ejis.2015.15","article-title":"Dispositional and situational factors: influences on information security policy violations","volume":"25","year":"2016","journal-title":"European Journal of Information Systems"},{"key":"key2020071513123933100_ref046","article-title":"The accuracy of self-reports of physical activity","year":"1990","journal-title":"Med. Sci. Sports Exerc"},{"key":"key2020071513123933100_ref015","article-title":"Why deterrence is not enough: the role of endogenous motivations on employees\u2019 information security behaviour","volume-title":"in 35th International Conference on Information Systems \u2018Building a Better World Through Information Systems\u2019, ICIS 2014","year":"2014"},{"key":"key2020071513123933100_ref016","first-page":"13","article-title":"Response and cultural biases in information security policy compliance research","volume-title":"Open Identity Summit 2017","year":"2017"},{"key":"key2020071513123933100_ref017","article-title":"Measuring compliance with specific policy contents-the SRPC-and SRPCC-Scales for a more detailed measurement of positive policy co","volume-title":"presented at the ECIS 2018","year":"2018"},{"issue":"4","key":"key2020071513123933100_ref018","doi-asserted-by":"crossref","first-page":"407","DOI":"10.1016\/S0272-6963(98)00021-7","article-title":"An assessment of survey research in POM: from constructs to theory","volume":"16","year":"1998","journal-title":"Journal of Operations Management"},{"key":"key2020071513123933100_ref019","volume-title":"Qualitative Research in Business and Management","year":"2009","edition":"1st ed"},{"issue":"4","key":"key2020071513123933100_ref020","doi-asserted-by":"crossref","first-page":"327","DOI":"10.1080\/13645570701401305","article-title":"Sampling knowledge: the hermeneutics of snowball sampling in qualitative research","volume":"11","year":"2008","journal-title":"International Journal of Social Research Methodology"},{"key":"key2020071513123933100_ref021","volume-title":"\u20182016 Cost of Data Breach Study: Global Analysis\u2019","author":"Ponemon Institute","year":"2016"},{"issue":"3","key":"key2020071513123933100_ref022","doi-asserted-by":"crossref","first-page":"299","DOI":"10.1079\/PHN2002427","article-title":"Addressing overreporting on the international physical activity questionnaire (IPAQ) telephone survey with a population sample","volume":"6","year":"2003","journal-title":"Public Health Nutrition"},{"issue":"2","key":"key2020071513123933100_ref023","doi-asserted-by":"crossref","first-page":"217","DOI":"10.1016\/j.im.2013.08.006","article-title":"Employees\u2019 adherence to information security policies: an exploratory field study","volume":"51","year":"2014","journal-title":"Information and Management"},{"issue":"1","key":"key2020071513123933100_ref024","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1177\/0022022103260380","article-title":"Acquiescent response bias as an aspect of cultural communication style","volume":"35","year":"2004","journal-title":"Journal of Cross-Cultural Psychology"},{"issue":"1","key":"key2020071513123933100_ref025","doi-asserted-by":"crossref","first-page":"42","DOI":"10.1108\/IMCS-08-2012-0045","article-title":"Variables influencing information security policy compliance: a systematic review of quantitative studies","volume":"22","year":"2014","journal-title":"Information Management and Computer Security"},{"key":"key2020071513123933100_ref026","volume-title":"Symbolic Interactionism: A Social Structural Version","year":"1980"},{"issue":"7","key":"key2020071513123933100_ref027","doi-asserted-by":"crossref","first-page":"1187","DOI":"10.1093\/bjsw\/bch345","article-title":"Factorial surveys: using vignettes to study professional judgement","volume":"36","year":"2005","journal-title":"British Journal of Social Work"},{"issue":"1","key":"key2020071513123933100_ref028","doi-asserted-by":"crossref","first-page":"21","DOI":"10.4018\/joeuc.2012010102","article-title":"IS security policy violations: a rational choice perspective","volume":"24","year":"2012","journal-title":"Journal of Organizational and End User Computing"},{"key":"key2020071513123933100_ref029","first-page":"180","article-title":"Cognitive elaboration on potential outcomes and its effects on employees\u2019 information security policy compliance intention-exploring the key antecedents","volume":"108 LNBIP","year":"2012","journal-title":"Lect. Notes Bus. Inf. Process"},{"key":"key2020071513123933100_ref030","first-page":"2848","article-title":"Religiosity and information security policy compliance","volume-title":"19th Americas Conference on Information Systems, AMCIS 2013 \u2013 Hyperconnected World: Anything, Anywhere, Anytime","year":"2013"},{"issue":"3","key":"key2020071513123933100_ref031","doi-asserted-by":"crossref","first-page":"523","DOI":"10.2307\/25750690","article-title":"Information security policy compliance: an empirical study of Rationality-Based beliefs and information security awareness","volume":"34","year":"2010","journal-title":"Management Information Systems Quarterly"},{"key":"key2020071513123933100_ref033","doi-asserted-by":"crossref","first-page":"447","DOI":"10.1016\/j.cose.2013.09.009","article-title":"Understanding the violation of IS security policy in organizations: an integrated model based on social control and deterrence theory","volume":"39","year":"2013","journal-title":"Computers and Security"},{"key":"key2020071513123933100_ref034","doi-asserted-by":"crossref","first-page":"220","DOI":"10.1016\/j.chb.2014.05.043","article-title":"Understanding personal use of the internet at work: an integrated model of neutralization techniques and general deterrence theory","volume":"38","year":"2014","journal-title":"Computers in Human Behaviour"},{"issue":"1","key":"key2020071513123933100_ref035","doi-asserted-by":"crossref","first-page":"209","DOI":"10.1007\/s10551-014-2250-4","article-title":"Explaining the misuse of information systems resources in the workplace: a Dual-Process approach","volume":"131","year":"2015","journal-title":"Journal of Business Ethics"},{"issue":"1","key":"key2020071513123933100_ref036","doi-asserted-by":"crossref","first-page":"38","DOI":"10.12968\/bjon.2008.17.1.28059","article-title":"Undertaking a literature review: a step-by-step approach","volume":"17","year":"2008","journal-title":"British Journal of Nursing (Mark Allen Publishing)"},{"issue":"2","key":"key2020071513123933100_ref037","doi-asserted-by":"crossref","first-page":"285","DOI":"10.2753\/MIS0742-1222310210","article-title":"Understanding employee responses to stressful information security requirements: a coping perspective","volume":"31","year":"2014","journal-title":"Journal of Management Information Systems"},{"issue":"4","key":"key2020071513123933100_ref038","first-page":"286","article-title":"A path to successful management of employee security compliance: an empirical study of information security climate","volume":"57","year":"2015","journal-title":"IEEE Transactions on Professional Communication"},{"issue":"2","key":"key2020071513123933100_ref039","doi-asserted-by":"crossref","first-page":"203","DOI":"10.2753\/MIS0742-1222280208","article-title":"Understanding nonmalicious security violations in the workplace: a composite behaviour model","volume":"28","year":"2011","journal-title":"Journal of Management Information Systems"},{"key":"key2020071513123933100_ref040","first-page":"2222","article-title":"Information security awareness: its antecedents and mediating effects on security compliant behaviour","volume-title":"International Conference on Information Systems (ICIS 2013): Reshaping Society Through Information Systems Design","year":"2013"},{"issue":"4","key":"key2020071513123933100_ref041","doi-asserted-by":"crossref","first-page":"615","DOI":"10.1111\/j.1540-5915.2012.00361.x","article-title":"Managing employee compliance with information security policies: the critical role of top management and organizational culture","volume":"43","year":"2012","journal-title":"Decision Sciences"},{"issue":"1","key":"key2020071513123933100_ref042","doi-asserted-by":"crossref","first-page":"83","DOI":"10.1016\/j.cose.2011.10.007","article-title":"Understanding information systems security policy compliance: an integration of the theory of planned behaviour and the protection motivation theory","volume":"31","year":"2012","journal-title":"Computers and Security"},{"issue":"1","key":"key2020071513123933100_ref043","doi-asserted-by":"crossref","first-page":"69","DOI":"10.1016\/j.im.2013.10.001","article-title":"Information systems security policy compliance: an empirical study of the effects of socialisation, influence, and cognition","volume":"51","year":"2014","journal-title":"Information and Management"},{"issue":"1","key":"key2020071513123933100_ref044","doi-asserted-by":"crossref","first-page":"30","DOI":"10.1080\/10580530.2015.1117868","article-title":"Critical times for organizations: what should be done to curb workers\u2019 noncompliance with IS security policy guidelines?","volume":"33","year":"2016","journal-title":"Information Systems Management"},{"key":"key2020071513123933100_ref045","article-title":"Assessing self-justification as an antecedent of noncompliance with information security policies","year":"2013"},{"key":"key2020071513123933100_ref047","article-title":"Effects of neutralization techniques and rational choice theory on internet abuse in the workplace","year":"2013"},{"issue":"6","key":"key2020071513123933100_ref048","first-page":"479","article-title":"Exploring the effects of organizational justice, personal ethics and sanction on internet use policy compliance","volume":"24","year":"2019","journal-title":"Information Systems Journal"},{"key":"key2020071513123933100_ref049","article-title":"Information security behaviour: towards multistage models","volume-title":"Proceedings - Pacific Asia Conference on Information Systems, PACIS 2013","year":"2013"},{"issue":"4","key":"key2020071513123933100_ref050","doi-asserted-by":"crossref","first-page":"179","DOI":"10.1080\/07421222.2015.1138374","article-title":"The impact of organizational commitment on insiders motivation to protect organizational information assets","volume":"32","year":"2015","journal-title":"Journal of Management Information Systems"},{"key":"key2020071513123933100_ref051","doi-asserted-by":"crossref","first-page":"65","DOI":"10.1016\/j.cose.2015.05.012","article-title":"Information security conscious care behaviour formation in organizations","volume":"53","year":"2015","journal-title":"Computers and Security"},{"issue":"7","key":"key2020071513123933100_ref052","doi-asserted-by":"crossref","first-page":"557","DOI":"10.1080\/10447318.2016.1183862","article-title":"Nontechnical deterrence effects of mild and severe internet use policy reminders in reducing employee internet abuse","volume":"32","year":"2016","journal-title":"International Journal of Human-Computer Interaction"},{"issue":"3","key":"key2020071513123933100_ref053","doi-asserted-by":"crossref","first-page":"487","DOI":"10.2307\/25750688","article-title":"Neutralization: New insights into the problem of employee information systems security policy violations","volume":"34","year":"2010","journal-title":"Management Information Systems Quarterly"},{"issue":"2","key":"key2020071513123933100_ref054","doi-asserted-by":"crossref","first-page":"200","DOI":"10.1108\/ICS-04-2014-0025","article-title":"The sufficiency of the theory of planned behaviour for explaining information security policy compliance","volume":"23","year":"2015","journal-title":"Information and Computer Security"},{"issue":"7","key":"key2020071513123933100_ref055","doi-asserted-by":"crossref","first-page":"296","DOI":"10.1016\/j.im.2011.07.002","article-title":"Out of fear or desire? Toward a better understanding of employees\u2019 motivation to follow IS security policies","volume":"48","year":"2011","journal-title":"Information and Management"},{"key":"key2020071513123933100_ref056","doi-asserted-by":"crossref","first-page":"679","DOI":"10.17705\/1jais.00375","article-title":"Using measures of risk perception to predict information security behaviour: insights from electroencephalography (EEG)","volume":"15","year":"2014","journal-title":"Journal of the Association for Information Systems"}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-02-2019-0025\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-02-2019-0025\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:22:41Z","timestamp":1753406561000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/28\/3\/445-465\/199282"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,9,30]]},"references-count":56,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2019,9,30]]}},"alternative-id":["10.1108\/ICS-02-2019-0025"],"URL":"https:\/\/doi.org\/10.1108\/ics-02-2019-0025","relation":{},"ISSN":["2056-4961","2056-4961"],"issn-type":[{"value":"2056-4961","type":"print"},{"value":"2056-4961","type":"print"}],"subject":[],"published":{"date-parts":[[2019,9,30]]}}}