An Empirical Investigation of the Influence of Organizational Virtues on Information Technology Security Policy Compliance
Abstract
While studies have proposed multiple factors that influence information technology (IT) security policy compliance, this research tries to understand this phenomenon from the alternate perspective of organizational ethics. Drawing upon the theory of virtue ethics proposed by the Greek philosopher Aristotle, and subsequently forwarded by noted philosophers like Alasdair McIntyre, we theorize how organizational virtues can create a positive impact on IT security policy compliance in organizations. Our theory considers four cardinal organizational virtues: wisdom, justice, courage, and temperance. We propose that an organization that develops, practices, and implements these virtues achieves greater compliance with IT security policies. An empirical study conducted with managers in public organizations provide support for our theory. Ultimately, our work promotes a novel, virtue ethics-based perspective to better understand and address the crucial challenge of achieving IT security policy compliance.