Abstract

Psychological and behavioral characteristics are among the most important factors that instigate information security incidents. Although many previous studies have discussed the influencing factors of information security policy compliance behavior in an organization, few have considered the influence of organizational structures. In this study, the mechanism by which information security policy compliance behavioral intention is formed was studied by integrating the theory of planned behavior (TPB) and perceived organizational formalization. Data analysis was performed using the structural equation modeling (SEM) with data obtained from a survey of 261 company employees. The empirical results reveal that perceived organizational formalization significant affected cognitive processes theorized by TPB, behavioral habits, and deterrent certainty. This study suggests that formalized rules, procedures, and communications should be designed to improve employee information security policy compliance behavioral habits and intentions.