{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,10]],"date-time":"2026-06-10T00:14:07Z","timestamp":1781050447878,"version":"3.54.1"},"reference-count":134,"publisher":"MIS Quarterly","issue":"2","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019,6,1]]},"abstract":"<jats:p>A rich stream of research has identified numerous antecedents to employee compliance (and noncompliance) with information security policies. However, the number of competing theoretical perspectives and inconsistencies in the reported findings have hampered efforts to attain a clear understanding of what truly drives this behavior. To address this theoretical stalemate and build toward a consensus on the key antecedents of employees\u2019 security policy compliance in different contexts, we conducted a meta-analysis of the relevant literature. Drawing on 95 empirical papers, we classified 401 independent variables into 17 distinct categories and analyzed each category\u2019s relationship with security policy compliance, including an analysis for possible domain-specific moderators. A meta-analytic relative weight analysis determined the relative importance of each category in predicting security policy compliance, while adding robustness to our findings. At a broad level, our results suggest that much of the security policy compliance literature is plagued by suboptimal theoretical framing. Our findings can facilitate more refined theory-building efforts in this research domain and serve as a guide for practitioners to manage security policy compliance initiatives.<\/jats:p>","DOI":"10.25300\/misq\/2019\/15117","type":"journal-article","created":{"date-parts":[[2019,5,30]],"date-time":"2019-05-30T12:07:42Z","timestamp":1559218062000},"page":"525-553","source":"Crossref","is-referenced-by-count":273,"title":["Seeing the Forest <i>and<\/i> the Trees: A Meta-Analysis of the Antecedents to Information Security Policy Compliance1"],"prefix":"10.25300","volume":"43","author":[{"given":"W. Alec","family":"Cram","sequence":"first","affiliation":[{"name":"Bentley University, 175 Forest Street, Waltham, MA 02452 U.S.A."}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"John","family":"D\u2019Arcy","sequence":"additional","affiliation":[{"name":"Department of Accounting and MIS, University of Delaware, 356 Purnell Hall Newark, DE 19716 U.S.A."}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Jeffrey G.","family":"Proudfoot","sequence":"additional","affiliation":[{"name":"Bentley University, 175 Forest Street, Waltham, MA 02452 U.S.A."}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"10933","published-online":{"date-parts":[[2019,6,1]]},"reference":[{"issue":"2","key":"2025082212125206500_b1-08_15117_ra_cramdarcy","first-page":"179","article-title":"The Theory of Planned Behavior","volume":"50","author":"Ajzen","year":"1991","journal-title":"Organizational Behavior and Human Decision Processes"},{"issue":"6","key":"2025082212125206500_b2-08_15117_ra_cramdarcy","first-page":"1423","article-title":"The Self-Importance of Moral Identity","volume":"83","author":"Aquino","year":"2002","journal-title":"Journal of Personality and Social Psychology"},{"key":"2025082212125206500_b3-08_15117_ra_cramdarcy","unstructured":"Association for Information Systems\n          . 2017. \u201cAISWorld List Usage Policy and Conditions\u201d (https:\/\/aisnet.org\/?ISWorldServPolicies; retrieved January\u200827, 2018)."},{"issue":"3","key":"2025082212125206500_b4-08_15117_ra_cramdarcy","first-page":"11","article-title":"Review of IS Security Compliance: Toward the Building Blocks of an IS Security Theory","volume":"48","author":"Balozian","year":"2017","journal-title":"The DATA BASE for Advances in Information Systems"},{"issue":"8","key":"2025082212125206500_b5-08_15117_ra_cramdarcy","first-page":"154","article-title":"Achieving Rigor in Literature Reviews: Insights from Qualitative Data Analysis and Tool-Support","volume":"34","author":"Bandara","year":"2015","journal-title":"Communications of the AIS"},{"issue":"2","key":"2025082212125206500_b6-08_15117_ra_cramdarcy","first-page":"191","article-title":"Self-Efficacy: Toward a Unified Theory of Behavioral Change","volume":"84","author":"Bandura","year":"1977","journal-title":"Psychological Review"},{"issue":"3","key":"2025082212125206500_b7-08_15117_ra_cramdarcy","first-page":"44","article-title":"From Information Security Awareness to Reasoned Compliant Action: Analyzing Information Security Policy Compliance in a Large Banking Organization","volume":"48","author":"Bauer","year":"2017","journal-title":"The DATA BASE for Advances in Information Systems"},{"issue":"3","key":"2025082212125206500_b8-08_15117_ra_cramdarcy","first-page":"477","article-title":"Using Metaanalytic Structural Equation Modeling to Advance Strategic Management Research: Guidelines and an Empirical Illustration Via the Strategic Leadership\u2013Performance Relationship","volume":"37","author":"Bergh","year":"2016","journal-title":"Strategic Management Journal"},{"key":"2025082212125206500_b9-08_15117_ra_cramdarcy","volume-title":"Introduction to Meta-Analysis","author":"Borenstein","year":"2009"},{"issue":"4","key":"2025082212125206500_b10-08_15117_ra_cramdarcy","first-page":"837","article-title":"What Do Users Have to Fear? Using Fear Appeals to Engender Threats and Fear That Motivate Protective Behaviors in Users","volume":"39","author":"Boss","year":"2015","journal-title":"MIS Quarterly"},{"issue":"3","key":"2025082212125206500_b11-08_15117_ra_cramdarcy","first-page":"523","article-title":"Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness","volume":"34","author":"Bulgurcu","year":"2010","journal-title":"MIS Quarterly"},{"issue":"3","key":"2025082212125206500_b12-08_15117_ra_cramdarcy","first-page":"1003","article-title":"Assessing Common Method Bias: Problems with the ULMC Technique","volume":"36","author":"Chin","year":"2012","journal-title":"MIS Quarterly"},{"issue":"1","key":"2025082212125206500_b13-08_15117_ra_cramdarcy","first-page":"209","article-title":"Explaining the Misuse of Information Systems Resources in the Workplace: A Dual-Process Approach","volume":"131","author":"Chu","year":"2015","journal-title":"Journal of Business Ethics"},{"issue":"1","key":"2025082212125206500_b14-08_15117_ra_cramdarcy","first-page":"37","article-title":"A Coefficient of Agreement for Nominal Scales","volume":"20","author":"Cohen","year":"1960","journal-title":"Educational and Psychological Measurement"},{"key":"2025082212125206500_b15-08_15117_ra_cramdarcy","volume-title":"Statistical Power Analysis for the Behavioral Sciences","author":"Cohen","year":"1988","edition":"2nd"},{"key":"2025082212125206500_b16-08_15117_ra_cramdarcy","volume-title":"Applied Multiple Regression\/Correlation Analysis for the Behavioral Sciences","author":"Cohen","year":"2003"},{"issue":"3","key":"2025082212125206500_b17-08_15117_ra_cramdarcy","first-page":"425","article-title":"Justice at the Millennium: A Meta-Analytic Review of 25 Years of Organizational Justice Research","volume":"86","author":"Colquitt","year":"2000","journal-title":"The Journal of Applied Psychology"},{"key":"2025082212125206500_b18-08_15117_ra_cramdarcy","volume-title":"The Handbook of Research Synthesis and Meta-Analysis","author":"Cooper","year":"2009"},{"issue":"6","key":"2025082212125206500_b19-08_15117_ra_cramdarcy","first-page":"605","article-title":"Organizational Information Security Policies: A Review and Research Framework","volume":"26","author":"Cram","year":"2017","journal-title":"European Journal of Information Systems"},{"key":"2025082212125206500_b20-08_15117_ra_cramdarcy","first-page":"90","article-title":"Future Directions for Behavioral Information Security Research","volume":"32","author":"Crossler","year":"2013","journal-title":"Computers & Security"},{"issue":"5","key":"2025082212125206500_b21-08_15117_ra_cramdarcy","first-page":"474","article-title":"Security Culture and the Employment Relationship as Drivers of Employees\u2019 Security Compliance","volume":"22","author":"D\u2019Arcy","year":"2014","journal-title":"Information Management & Computer Security"},{"issue":"6","key":"2025082212125206500_b22-08_15117_ra_cramdarcy","first-page":"643","article-title":"A Review and Analysis of Deterrence Theory in the IS Security Literature: Making Sense of the Disparate Findings","volume":"29","author":"D\u2019Arcy","year":"2011","journal-title":"European Journal of Information Systems"},{"issue":"2","key":"2025082212125206500_b23-08_15117_ra_cramdarcy","first-page":"285","article-title":"Understanding Employee Responses to Stressful Information Security Requirements: A Coping Perspective","volume":"31","author":"D\u2019Arcy","year":"2014","journal-title":"Journal of Management Information Systems"},{"issue":"2","key":"2025082212125206500_b24-08_15117_ra_cramdarcy","first-page":"167","article-title":"Understanding Fit and Appropriation Effects in Group Support Systems Via Meta-Analysis","volume":"25","author":"Dennis","year":"2001","journal-title":"MIS Quarterly"},{"key":"2025082212125206500_b25-08_15117_ra_cramdarcy","first-page":"11","article-title":"Publication Bias: Recognizing the Problem, Understanding Its Origins, and Scope, and Preventing Harm","volume-title":"Publication Bias in Meta Analysis: Prevention, Assessment, and Adjustments","author":"Dickersin","year":"2005"},{"issue":"2","key":"2025082212125206500_b26-08_15117_ra_cramdarcy","first-page":"373","article-title":"What Does the Brain Tell Us About Trust and Distrust? Evidence from a Functional Neuroimaging Study","volume":"34","author":"Dimoka","year":"2010","journal-title":"MIS Quarterly"},{"issue":"Part A","key":"2025082212125206500_b27-08_15117_ra_cramdarcy","first-page":"130","article-title":"Advances in the Meta-Analysis of Heterogeneous Clinical Trials I: The Inverse Variance Heterogeneity Model","volume":"45","author":"Doi","year":"2015","journal-title":"Contemporary Clinical Trials"},{"issue":"2","key":"2025082212125206500_b28-08_15117_ra_cramdarcy","first-page":"91","article-title":"Factors Influencing the Intention to Comply with Data Protection Regulations in Hospitals: Based on Gender Differences in Behaviour and Deterrence","volume":"25","author":"Foth","year":"2016","journal-title":"European Journal of Information Systems"},{"key":"2025082212125206500_b29-08_15117_ra_cramdarcy","first-page":"169","article-title":"Comparing Two Handbooks of Meta-Analysis: Review of Hunter & Schmidt, Methods of Meta-Analysis: Correcting Error and Bias in Research Findings, and Borenstein, Hedges, Higgins, and Rothstein, Introduction to Meta-Analysis","volume":"4","author":"Geganfurtner","year":"2011","journal-title":"Vocations and Learning"},{"issue":"3","key":"2025082212125206500_b30-08_15117_ra_cramdarcy","first-page":"360","article-title":"Can We Have Fun @ Work? The Role of Intrinsic Motivation for Utilitarian Systems","volume":"22","author":"Gerow","year":"2013","journal-title":"European Journal of Information Systems"},{"issue":"4","key":"2025082212125206500_b31-08_15117_ra_cramdarcy","first-page":"1159","article-title":"Looking Toward the Future of IT-Business Strategic Alignment through the Past: A Meta-Analysis","volume":"38","author":"Gerow","year":"2014","journal-title":"MIS Quarterly"},{"issue":"10","key":"2025082212125206500_b32-08_15117_ra_cramdarcy","first-page":"351","article-title":"Primary, Secondary, and Meta-Analysis of Research","volume":"5","author":"Glass","year":"1976","journal-title":"Review of Research in Education"},{"issue":"4","key":"2025082212125206500_b33-08_15117_ra_cramdarcy","first-page":"286","article-title":"A Path to Successful Management of Employee Security Compliance: An Empirical Study of Information Security Climate","volume":"57","author":"Goo","year":"2014","journal-title":"IEEE Transactions on Professional Communication"},{"key":"2025082212125206500_b34-08_15117_ra_cramdarcy","first-page":"242","article-title":"Security-Related Behavior in Using Information Systems in the Workplace: A Review and Synthesis","volume":"32","author":"Guo","year":"2013","journal-title":"Computers & Security"},{"issue":"3","key":"2025082212125206500_b35-08_15117_ra_cramdarcy","first-page":"257","article-title":"The Effect of Codes of Ethics and Personal Denial of Responsibility on Computer Abuse Judgements and Intentions","volume":"20","author":"Harrington","year":"1996","journal-title":"MIS Quarterly"},{"issue":"1","key":"2025082212125206500_b36-08_15117_ra_cramdarcy","first-page":"301","article-title":"The Role of User Participation in Information Systems Development: Implications from a Meta-Analysis","volume":"25","author":"He","year":"2008","journal-title":"Journal of Management Information Systems"},{"issue":"3","key":"2025082212125206500_b37-08_15117_ra_cramdarcy","first-page":"203","article-title":"The Power of Statistical Tests in Meta-Analysis","volume":"6","author":"Hedges","year":"2001","journal-title":"Psychological Methods"},{"issue":"2","key":"2025082212125206500_b38-08_15117_ra_cramdarcy","first-page":"154","article-title":"Encouraging Information Security Behaviors in Organizations: Role of Penalties, Pressures and Perceived Effectiveness","volume":"47","author":"Herath","year":"2009","journal-title":"Decision Support Systems"},{"issue":"2","key":"2025082212125206500_b39-08_15117_ra_cramdarcy","first-page":"106","article-title":"Protection Motivation and Deterrence: A Framework for Security Policy Compliance in Organisations","volume":"18","author":"Herath","year":"2009","journal-title":"European Journal of Information Systems"},{"key":"2025082212125206500_b40-08_15117_ra_cramdarcy","first-page":"49","article-title":"Grey Literature and Systematic Reviews","volume-title":"Publication Bias in Meta Analysis: Prevention, Assessment, and Adjustments","author":"Hopewell","year":"2005"},{"issue":"2","key":"2025082212125206500_b41-08_15117_ra_cramdarcy","first-page":"99","article-title":"Applying an Extended Model of Deterrence Across Cultures: An Investigation of Information Systems Misuse in the U.S. and South Korea","volume":"49","author":"Hovav","year":"2012","journal-title":"Information & Management"},{"key":"2025082212125206500_b42-08_15117_ra_cramdarcy","unstructured":"Hui, K. L., Vance, A., and Zhdanov, D.\u20082016. \u201cSecuring Digital Assets,\u201d in MIS Quarterly Research Curations (https:\/\/misq.org\/research-curations\/)."},{"key":"2025082212125206500_b43-08_15117_ra_cramdarcy","volume-title":"How Science Takes Stock: The Story of Meta-Analysis","author":"Hunt","year":"1997"},{"issue":"2","key":"2025082212125206500_b44-08_15117_ra_cramdarcy","first-page":"19","article-title":"Disentangling the Effect of Top Management Support and Training on Systems Implementation Success: A Meta-Analysis","volume":"35","author":"Hwang","year":"2014","journal-title":"Communications of the AIS"},{"issue":"1","key":"2025082212125206500_b45-08_15117_ra_cramdarcy","first-page":"83","article-title":"Understanding Information Systems Security Policy Compliance: An Integration of the Theory of Planned Behavior and the Protection Motivation Theory","volume":"31","author":"Ifinedo","year":"2012","journal-title":"Computers & Security"},{"key":"2025082212125206500_b46-08_15117_ra_cramdarcy","article-title":"What, I Shouldn\u2019t Have Done That? The Influence of Training and Just-in-Time Reminders on Secure Behavior","author":"Jenkins","year":"2013"},{"key":"2025082212125206500_b47-08_15117_ra_cramdarcy","article-title":"Encouraging Users to Behave Securely: Examining the Influence of Technical, Managerial, and Educational Controls on Users\u2019 Secure Behavior","author":"Jenkins","year":"2010"},{"issue":"6","key":"2025082212125206500_b48-08_15117_ra_cramdarcy","first-page":"1264","article-title":"How Does Human Resource Management Influence Organizational Outcomes? A Meta-Analytic Investigation of Mediating Mechanisms","volume":"55","author":"Jiang","year":"2012","journal-title":"Academy of Management Journal"},{"issue":"1","key":"2025082212125206500_b49-08_15117_ra_cramdarcy","first-page":"1","article-title":"A Heuristic Method for Estimating the Relative Weight of Predictor Variables in Multiple Regression","volume":"35","author":"Johnson","year":"2000","journal-title":"Multivariate Behavioral Research"},{"issue":"3","key":"2025082212125206500_b50-08_15117_ra_cramdarcy","first-page":"238","article-title":"History and Use of Relative Importance Indices in Organizational Research","volume":"7","author":"Johnson","year":"2004","journal-title":"Organizational Research Methods"},{"issue":"1","key":"2025082212125206500_b51-08_15117_ra_cramdarcy","first-page":"113","article-title":"An Enhanced Fear Appeal Rhetorical Framework: Leveraging Threats to the Human Asset through Sanctioning Rhetoric","volume":"39","author":"Johnston","year":"2015","journal-title":"MIS Quarterly"},{"issue":"3","key":"2025082212125206500_b52-08_15117_ra_cramdarcy","first-page":"547","article-title":"Turnover of Information Technology Professionals: A Narrative Review, Meta-Analytic Structural Equation Modeling, and Model Development","volume":"31","author":"Joseph","year":"2007","journal-title":"MIS Quarterly"},{"key":"2025082212125206500_b53-08_15117_ra_cramdarcy","article-title":"A Tale of Two Cities: Policy Compliance of the Banks in the United States and South Korea","author":"Kam","year":"2015"},{"key":"2025082212125206500_b54-08_15117_ra_cramdarcy","unstructured":"Kaspersky Lab\n          . 2017. \u201cHuman Factor in IT Security: How Employees Are Making Businesses Vulnerable from Within\u201d (https:\/\/usa.kaspersky.com\/about\/press-releases\/2017_kaseprsky-lab-survey-one-in-four-hide-cybersecurity-incidents-from-their-employers; retrieved October\u20084, 2017)."},{"issue":"4","key":"2025082212125206500_b55-08_15117_ra_cramdarcy","first-page":"624","article-title":"Publication Bias in the Organizational Sciences","volume":"15","author":"Kepes","year":"2012","journal-title":"Organizational Research Methods"},{"key":"2025082212125206500_b56-08_15117_ra_cramdarcy","article-title":"Exploring Determinants of Different Information Security Behaviors","volume-title":"Master\u2019s Thesis","author":"Kinnunen","year":"2016"},{"key":"2025082212125206500_b57-08_15117_ra_cramdarcy","first-page":"347","article-title":"Stage and Sequence: The Cognitive Developmental Approach to Socialization","volume-title":"Handbook of Socialization Theory","author":"Kohlberg","year":"1969"},{"issue":"2","key":"2025082212125206500_b58-08_15117_ra_cramdarcy","first-page":"127","article-title":"Measuring Information Technology Payoff: A Meta-Analysis of Structural Variables in Firm-Level Empirical Research","volume":"14","author":"Kohli","year":"2003","journal-title":"Information Systems Research"},{"issue":"5","key":"2025082212125206500_b59-08_15117_ra_cramdarcy","first-page":"597","article-title":"Why There Aren\u2019t More Information Security Research Studies","volume":"41","author":"Kotulic","year":"2004","journal-title":"Information & Management"},{"issue":"1","key":"2025082212125206500_b60-08_15117_ra_cramdarcy","first-page":"159","article-title":"The Measurement of Observer Agreement for Categorical Data","volume":"33","author":"Landis","year":"1977","journal-title":"Biometrics"},{"issue":"8","key":"2025082212125206500_b61-08_15117_ra_cramdarcy","first-page":"975","article-title":"Organizational Size and IT Innovation Adoption: A Meta-Analysis","volume":"43","author":"Lee","year":"2006","journal-title":"Information & Management"},{"key":"2025082212125206500_b62-08_15117_ra_cramdarcy","article-title":"The Role of Situational Moral Judgment and Deterrence on Information Security Policy Violation","author":"Li","year":"2017"},{"issue":"6","key":"2025082212125206500_b63-08_15117_ra_cramdarcy","first-page":"479","article-title":"Exploring the Effects of Organizational Justice, Personal Ethics and Sanction on Internet Use Policy Compliance","volume":"24","author":"Li","year":"2014","journal-title":"Information Systems Journal"},{"issue":"4","key":"2025082212125206500_b64-08_15117_ra_cramdarcy","first-page":"635","article-title":"Understanding Compliance with Internet Use Policy from the Perspective of Rational Choice Theory","volume":"48","author":"Li","year":"2010","journal-title":"Decision Support Systems"},{"issue":"7","key":"2025082212125206500_b65-08_15117_ra_cramdarcy","first-page":"394","article-title":"Understanding Security Behaviors in Personal Computer Usage: A Threat Avoidance Perspective","volume":"11","author":"Liang","year":"2010","journal-title":"Journal of the Association for Information Systems"},{"issue":"7","key":"2025082212125206500_b66-08_15117_ra_cramdarcy","first-page":"1","article-title":"The Prisma Statement for Reporting Systematic Reviews and Meta-Analyses of Studies That Evaluate Health Care Interventions: Explanation and Elaboration","volume":"6","author":"Liberati","year":"2009","journal-title":"PLoS Medicine"},{"key":"2025082212125206500_b67-08_15117_ra_cramdarcy","volume-title":"Practical Meta-Analysis","author":"Lipsey","year":"2001"},{"key":"2025082212125206500_b68-08_15117_ra_cramdarcy","article-title":"An Introduction to and Generalization of the \u201cFail-Safe N","author":"Long","year":"2001"},{"issue":"6","key":"2025082212125206500_b69-08_15117_ra_cramdarcy","first-page":"546","article-title":"Why Security and Privacy Research Lies at the Centre of the Information Systems (IS) Artefact: Proposing a Bold Research Agenda","volume":"26","author":"Lowry","year":"2017","journal-title":"European Journal of Information Systems"},{"issue":"5","key":"2025082212125206500_b70-08_15117_ra_cramdarcy","first-page":"465","article-title":"Proposing the Control-Reactance Compliance Model (CRCM) to Explain Opposing Motivations to Comply with Organisational Information Security Policies","volume":"25","author":"Lowry","year":"2015","journal-title":"Information Systems Journal"},{"issue":"12","key":"2025082212125206500_b71-08_15117_ra_cramdarcy","first-page":"1865","article-title":"Common Method Variance in IS Research: A Comparison of Alternative Approaches and a Reanalysis of Past Research","volume":"52","author":"Malhotra","year":"2006","journal-title":"Management Science"},{"issue":"4","key":"2025082212125206500_b72-08_15117_ra_cramdarcy","first-page":"927","article-title":"Publication Bias: A Case Study of Four Test Vendors","volume":"59","author":"McDaniel","year":"2006","journal-title":"Personnel Psychology"},{"issue":"1","key":"2025082212125206500_b73-08_15117_ra_cramdarcy","first-page":"35","article-title":"How Personality and Moral Identity Relate to Individuals\u2019 Ethical Ideology","volume":"20","author":"McFerran","year":"2010","journal-title":"Business Ethics Quarterly"},{"issue":"1","key":"2025082212125206500_b74-08_15117_ra_cramdarcy","first-page":"285","article-title":"Toward a Unified Model of Information Security Policy Compliance","volume":"42","author":"Moody","year":"2018","journal-title":"MIS Quarterly"},{"issue":"2","key":"2025082212125206500_b75-08_15117_ra_cramdarcy","first-page":"126","article-title":"What Levels of Moral Reasoning and Values Explain Adherence to Information Security Rules? An Empirical Study","volume":"18","author":"Myyry","year":"2009","journal-title":"European Journal of Information Systems"},{"issue":"5","key":"2025082212125206500_b76-08_15117_ra_cramdarcy","first-page":"788","article-title":"The Relation between Emotional Intelligence and Job Performance: A Meta-Analysis","volume":"32","author":"O\u2019Boyle","year":"2011","journal-title":"Journal of Organizational Behavior and Human Decision Processes"},{"key":"2025082212125206500_b77-08_15117_ra_cramdarcy","article-title":"Integrating Cognition with an Affective Lens to Better Understand Information Security Policy Compliance","author":"Ormond","year":"2019","journal-title":"Journal of the Association for Information Systems"},{"key":"2025082212125206500_b78-08_15117_ra_cramdarcy","article-title":"Information Security Behavior: Towards Multi-Stage Models","author":"Pahnila","year":"2013"},{"key":"2025082212125206500_b79-08_15117_ra_cramdarcy","volume-title":"Fighting Computer Crime: A New Framework for Protecting Information","author":"Parker","year":"1998"},{"issue":"5","key":"2025082212125206500_b80-08_15117_ra_cramdarcy","first-page":"879","article-title":"Common Method Bias in Behavioral Research: A Critical Review of the Literature and Recommended Remedies","volume":"88","author":"Podsakoff","year":"2003","journal-title":"Journal of Applied Psychology"},{"key":"2025082212125206500_b81-08_15117_ra_cramdarcy","article-title":"Managing Insider Risk through Training & Culture","volume-title":"Ponemon Institute\u00a9 Research Report","author":"Ponemon Institute","year":"2016"},{"key":"2025082212125206500_b82-08_15117_ra_cramdarcy","first-page":"551","article-title":"Bridging the Divide: A Qualitative Comparison of Information Security Thought Patterns between Information Security Professionals and Ordinary Organizational Insiders","volume":"51","author":"Posey","year":"2014","journal-title":"Information & Management"},{"key":"2025082212125206500_b83-08_15117_ra_cramdarcy","first-page":"37","article-title":"The Empirical Status of Deterrence Theory: A Meta-Analysis","volume-title":"Taking Stock: The Status of Criminological Theory","author":"Pratt","year":"2006"},{"issue":"4","key":"2025082212125206500_b84-08_15117_ra_cramdarcy","first-page":"757","article-title":"Improving Employees\u2019 Compliance through Information Systems Security Training: An Action Research Study","volume":"34","author":"Puhakainen","year":"2010","journal-title":"MIS Quarterly"},{"key":"2025082212125206500_b85-08_15117_ra_cramdarcy","unstructured":"PwC\n          . 2016. \u201cThe Global State of Information Security Survey 2016\u201d (https:\/\/www.pwc.com\/gx\/en\/issues\/cyber-security\/information-security-survey.html; retrieved January\u200830, 2017)."},{"issue":"4","key":"2025082212125206500_b86-08_15117_ra_cramdarcy","first-page":"762","article-title":"A Tale of Three Perspectives: Examining Post Hoc Statistical Techniques for Detection and Correction of Common Method Variance","volume":"12","author":"Richardson","year":"2009","journal-title":"Organizational Research Methods"},{"issue":"2","key":"2025082212125206500_b87-08_15117_ra_cramdarcy","first-page":"464","article-title":"The File-Drawer Problem Revisited: A General Weighted Method for Calculating Fail-Safe Numbers in Meta-Analysis","volume":"59","author":"Rosenberg","year":"2005","journal-title":"Evolution"},{"issue":"3","key":"2025082212125206500_b88-08_15117_ra_cramdarcy","first-page":"638","article-title":"The \u201cFile Drawer Problem\u201d and Tolerance for Null Results","volume":"86","author":"Rosenthal","year":"1979","journal-title":"Psychological Bulletin"},{"key":"2025082212125206500_b89-08_15117_ra_cramdarcy","first-page":"1","article-title":"Publication Bias in Meta-Analysis","volume-title":"Publication Bias in Meta Analysis: Prevention, Assessment, and Adjustments","author":"Rothstein","year":"2005"},{"issue":"12","key":"2025082212125206500_b90-08_15117_ra_cramdarcy","first-page":"1849","article-title":"Information System Success: Individual and Organizational Determinants","volume":"52","author":"Sabherwal","year":"2006","journal-title":"Management Science"},{"issue":"2","key":"2025082212125206500_b91-08_15117_ra_cramdarcy","first-page":"115","article-title":"Statistical Significance Testing and Cumulative Knowledge in Psychology: Implications for Training of Researchers","volume":"1","author":"Schmidt","year":"1996","journal-title":"Psychological Methods"},{"key":"2025082212125206500_b92-08_15117_ra_cramdarcy","volume-title":"Methods of Meta-Analysis: Correcting Error and Bias in Research Findings","author":"Schmidt","year":"2015","edition":"3rd"},{"key":"2025082212125206500_b93-08_15117_ra_cramdarcy","volume-title":"Software for the Hunter-Schmidt Meta-Analysis Methods, Version 2.0","author":"Schmidt","year":"2014"},{"issue":"12","key":"2025082212125206500_b94-08_15117_ra_cramdarcy","first-page":"286","article-title":"Writing Qualitative IS Literature Reviews\u2014Guidelines for Synthesis, Interpretation, and Guidance of Research","volume":"37","author":"Schryen","year":"2015","journal-title":"Communications of the Association for Information Systems"},{"issue":"2","key":"2025082212125206500_b95-08_15117_ra_cramdarcy","first-page":"90","article-title":"Current Methods for Meta-Analysis: Approaches, Issues, and Developments","volume":"215","author":"Schultze","year":"2007","journal-title":"Zeitschrift f\u00fcr Psychologie (Journal of Psychology)"},{"issue":"4","key":"2025082212125206500_b96-08_15117_ra_cramdarcy","first-page":"533","article-title":"The Contingent Effects of Management Support and Task Interdependence on Successful Information Systems Implementation","volume":"27","author":"Sharma","year":"2003","journal-title":"MIS Quarterly"},{"issue":"3","key":"2025082212125206500_b97-08_15117_ra_cramdarcy","first-page":"473","article-title":"Estimating the Effect of Common Method Variance: The Method-Method Pair Technique with an Illustration from TAM Research","volume":"33","author":"Sharma","year":"2009","journal-title":"MIS Quarterly"},{"key":"2025082212125206500_b98-08_15117_ra_cramdarcy","first-page":"177","article-title":"Personality, Attitudes, and Intentions: Predicting Initial Adoption of Information Security Behavior","volume":"49","author":"Shropshire","year":"2015","journal-title":"Computers & Security"},{"issue":"3","key":"2025082212125206500_b99-08_15117_ra_cramdarcy","first-page":"442","article-title":"Toward a Theory of Criminal Deterrence","volume":"41","author":"Silberman","year":"1976","journal-title":"American Sociological Review"},{"issue":"1","key":"2025082212125206500_b100-08_15117_ra_cramdarcy","first-page":"31","article-title":"A Conceptual Foundation for Organizational Information Security Awareness","volume":"8","author":"Siponen","year":"2000","journal-title":"Information Management & Computer Security"},{"issue":"2","key":"2025082212125206500_b101-08_15117_ra_cramdarcy","first-page":"217","article-title":"Employees\u2019 Adherence to Information Security Policies: An Exploratory Field Study","volume":"51","author":"Siponen","year":"2014","journal-title":"Information & Management"},{"issue":"3","key":"2025082212125206500_b102-08_15117_ra_cramdarcy","first-page":"289","article-title":"Guidelines for Improving the Contextual Relevance of Field Surveys: the Case of Information Security Policy Violations","volume":"23","author":"Siponen","year":"2014","journal-title":"European Journal of Information Systems"},{"key":"2025082212125206500_b103-08_15117_ra_cramdarcy","first-page":"257","article-title":"A Review of the Theory of Planned Behaviour in the Context of Information Security Policy Compliance","author":"Sommestad","year":"2013"},{"issue":"1","key":"2025082212125206500_b104-08_15117_ra_cramdarcy","first-page":"42","article-title":"Variables Influencing Information Security Policy Compliance: A Systematic Review of Quantitative Studies","volume":"22","author":"Sommestad","year":"2014","journal-title":"Information Management & Computer Security"},{"issue":"1","key":"2025082212125206500_b105-08_15117_ra_cramdarcy","first-page":"26","article-title":"A Meta-Analysis of Studies on Protection Motivation Theory and Information Security Behaviour","volume":"9","author":"Sommestad","year":"2015","journal-title":"International Journal of Information Security and Privacy"},{"issue":"3","key":"2025082212125206500_b106-08_15117_ra_cramdarcy","first-page":"503","article-title":"User Participation in Information Systems Security Risk Management","volume":"34","author":"Spears","year":"2010","journal-title":"MIS Quarterly"},{"issue":"11","key":"2025082212125206500_b107-08_15117_ra_cramdarcy","first-page":"1119","article-title":"Publication and Related Bias in Meta-Analysis: Power of Statistical Tests and Prevalence in the Literature","volume":"53","author":"Sterne","year":"2000","journal-title":"Journal of Clinical Epidemiology"},{"key":"2025082212125206500_b108-08_15117_ra_cramdarcy","unstructured":"Straub, D.\n          \u20081986. \u201cDeterring Compute Abuse: The Effectiveness of Deterrent Countermeasures in the Computer Security Environment,\u201d unpublished D.B.A. Thesis, Indiana University."},{"issue":"3","key":"2025082212125206500_b109-08_15117_ra_cramdarcy","first-page":"255","article-title":"Effective IS Security: An Empirical Study","volume":"1","author":"Straub","year":"1990","journal-title":"Information Systems Research"},{"issue":"4","key":"2025082212125206500_b110-08_15117_ra_cramdarcy","first-page":"223","article-title":"Veni, Vidi, Vici: Breaking the TAM Logjam","volume":"8","author":"Straub","year":"2007","journal-title":"Journal of the AIS"},{"key":"2025082212125206500_b111-08_15117_ra_cramdarcy","first-page":"175","article-title":"Evidence Concerning the Consequences of Publication and Related Biases","volume-title":"Publication Bias in Meta-Analysis: Prevention, Assessment and Adjustments","author":"Sutton","year":"2006"},{"issue":"5","key":"2025082212125206500_b112-08_15117_ra_cramdarcy","first-page":"421","article-title":"Modelling Publication Bias in Meta-Analysis: A Review","volume":"9","author":"Sutton","year":"2000","journal-title":"Statistical Methods in Medical Research"},{"issue":"6","key":"2025082212125206500_b113-08_15117_ra_cramdarcy","first-page":"112","article-title":"A Framework for Guiding and Evaluating Literature Reviews","volume":"37","author":"Templier","year":"2015","journal-title":"Communications of the AIS"},{"issue":"3","key":"2025082212125206500_b114-08_15117_ra_cramdarcy","first-page":"831","article-title":"Mindfulness in Information Technology Use: Definitions, Distinctions, and a New Measure","volume":"42","author":"Thatcher","year":"2018","journal-title":"MIS Quarterly"},{"issue":"6","key":"2025082212125206500_b115-08_15117_ra_cramdarcy","first-page":"472","article-title":"The Insider Threat to Information Systems and the Effectiveness of ISO17799","volume":"24","author":"Theoharidou","year":"2005","journal-title":"Computers & Security"},{"issue":"4","key":"2025082212125206500_b116-08_15117_ra_cramdarcy","first-page":"167","article-title":"Information Security Awareness: Educating Your Users Effectively","volume":"6","author":"Thomson","year":"1998","journal-title":"Information Management & Computer Security"},{"issue":"1","key":"2025082212125206500_b117-08_15117_ra_cramdarcy","first-page":"1","article-title":"Relative Importance Analyses: A Useful Supplement to Multiple Regression Analyses","volume":"26","author":"Tonidandel","year":"2011","journal-title":"Journal of Business and Psychology"},{"issue":"2","key":"2025082212125206500_b118-08_15117_ra_cramdarcy","first-page":"207","article-title":"RWA Web: A Free, Comprehensive, Web-Based, and User-Friendly Tool for Relative Weight Analyses","volume":"30","author":"Tonidandel","year":"2015","journal-title":"Journal of Business and Psychology"},{"key":"2025082212125206500_b119-08_15117_ra_cramdarcy","volume-title":"Interpersonal Behavior","author":"Triandis","year":"1977"},{"issue":"2","key":"2025082212125206500_b120-08_15117_ra_cramdarcy","first-page":"215","article-title":"How Many Studies Do You Need? A Primer on Statistical Power for Meta-Analysis","volume":"35","author":"Valentine","year":"2010","journal-title":"Journal of Educational and Behavioral Statistics"},{"issue":"10","key":"2025082212125206500_b121-08_15117_ra_cramdarcy","first-page":"679","article-title":"Using Measures of Risk Perception to Predict Information Security Behavior: Insights from Electroencephalography (EEG)","volume":"15","author":"Vance","year":"2014","journal-title":"Journal of the AIS"},{"issue":"3","key":"2025082212125206500_b122-08_15117_ra_cramdarcy","first-page":"425","article-title":"User Acceptance of Information Technology: Toward a Unified View","volume":"27","author":"Venkatesh","year":"2003","journal-title":"MIS Quarterly"},{"issue":"4","key":"2025082212125206500_b123-08_15117_ra_cramdarcy","first-page":"865","article-title":"Theory Testing: Combining Psychometric Meta-Analysis and Structural Equations Modeling","volume":"48","author":"Viswesvaran","year":"1995","journal-title":"Personnel Psychology"},{"issue":"9","key":"2025082212125206500_b124-08_15117_ra_cramdarcy","first-page":"205","article-title":"Standing on the Shoulders of Giants: Challenges and Recommendations of Literature Search in Information Systems Research","volume":"37","author":"vom Brocke","year":"2015","journal-title":"Communications of the AIS"},{"issue":"3","key":"2025082212125206500_b125-08_15117_ra_cramdarcy","first-page":"267","article-title":"The Influence of the Informal Social Learning Environment on Information Privacy Policy Compliance Efficacy and Intention","volume":"20","author":"Warkentin","year":"2011","journal-title":"European Journal of Information Systems"},{"issue":"2","key":"2025082212125206500_b126-08_15117_ra_cramdarcy","first-page":"xiii","article-title":"Analyzing the Past to Prepare for the Future: Writing a Literature Review","volume":"26","author":"Webster","year":"2002","journal-title":"MIS Quarterly"},{"issue":"3","key":"2025082212125206500_b127-08_15117_ra_cramdarcy","first-page":"315","article-title":"Confusion of Confidence Intervals and Credibility Intervals in Meta-Analysis","volume":"75","author":"Whitener","year":"1990","journal-title":"Journal of Applied Psychology"},{"issue":"1","key":"2025082212125206500_b128-08_15117_ra_cramdarcy","first-page":"1","article-title":"Beyond Deterrence: An Expanded View of Employee Computer Abuse","volume":"37","author":"Willison","year":"2013","journal-title":"MIS Quarterly"},{"issue":"1","key":"2025082212125206500_b129-08_15117_ra_cramdarcy","first-page":"79","article-title":"Methodology for Dealing with Duplicate Study Effects in a Meta-Analysis","volume":"11","author":"Wood","year":"2008","journal-title":"Organizational Research Methods"},{"issue":"6","key":"2025082212125206500_b130-08_15117_ra_cramdarcy","first-page":"2799","article-title":"Security Lapses and the Omission of Information Security Measures: A Threat Control Model and Empirical Test","volume":"24","author":"Workman","year":"2008","journal-title":"Computers in Human Behavior"},{"issue":"6","key":"2025082212125206500_b131-08_15117_ra_cramdarcy","first-page":"680","article-title":"Toward a Better Understanding of Behavioral Intention and System Usage Constructs","volume":"21","author":"Wu","year":"2012","journal-title":"European Journal of Information Systems"},{"issue":"2","key":"2025082212125206500_b132-08_15117_ra_cramdarcy","first-page":"419","article-title":"A Meta-Analysis of the Role of Environment-Based Voluntariness of Information Technology Acceptance","volume":"33","author":"Wu","year":"2009","journal-title":"MIS Quarterly"},{"issue":"3","key":"2025082212125206500_b133-08_15117_ra_cramdarcy","first-page":"153","article-title":"Effects of Extrinsic and Intrinsic Motivators on Using Utalitarian, Hedonic, and Dual-Purposed Information Systems: A Meta-Analysis","volume":"14","author":"Wu","year":"2013","journal-title":"Journal of the AIS"},{"key":"2025082212125206500_b134-08_15117_ra_cramdarcy","first-page":"36","article-title":"Employees\u2019 Information Security Policy Compliance: A Norm Activation Perspective","volume":"92","author":"Yazdanmehr","year":"2016","journal-title":"Decision Support Systems"}],"container-title":["MIS Quarterly"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/misq.umn.edu\/misq\/article-pdf\/43\/2\/525\/5908\/08_15117_ra_cramdarcy.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/misq.umn.edu\/misq\/article-pdf\/43\/2\/525\/5908\/08_15117_ra_cramdarcy.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T16:14:08Z","timestamp":1755879248000},"score":1,"resource":{"primary":{"URL":"https:\/\/misq.umn.edu\/misq\/article\/43\/2\/525\/1635\/Seeing-the-Forest-and-the-Trees-A-Meta-Analysis-of"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,6,1]]},"references-count":134,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2019,6,1]]},"published-print":{"date-parts":[[2019,6,1]]}},"URL":"https:\/\/doi.org\/10.25300\/misq\/2019\/15117","relation":{},"ISSN":["0276-7783","2162-9730"],"issn-type":[{"value":"0276-7783","type":"print"},{"value":"2162-9730","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,6,1]]}}}