Abstract

Many existing studies focus on the effect of external influence mechanisms (e.g., deterrence) impacting information security policy compliance (ISPC). This study explores the formation of ISPC from an autonomous motivation perspective, based on social exchange theory and self-determination theory. Data were gathered by conducting a survey of 261 employees, with hierarchical regression analysis being used to test our hypotheses.The results indicated the following: First, job satisfaction and personal responsibility positively impact ISPC. Second, job satisfaction perceived by employees is positively linked to personal responsibility, where deterrence severity has a negative moderating effect on this relationship. Finally, personal responsibility mediates the relationship between job satisfaction and ISPC. This study suggests that organizational support should focus on promoting perceived self-determination of employees, and that deterrence should be maintained at a moderate level to adapt to the organization's security strategy and information security environment.