The Effects of Control Mechanisms on Security Compliance Intention: A Comparative Study between Employees of Healthcare and Financial Industrie

This quantitative survey study draws on the general deterrence theory (GDT), the reinforcement theory of motivation, the theory of planned behavior, and the institutional theory to investigate the differences between the perceived information systems security policy (ISSP) compliance intentions (CI) of employees in the health and financial sectors of the United States. The study explores the main effects and interactions effects of punishment (PNSH) and reward (RWRD) moderated by the certainty of control (CTNC) on the perceived ISSP CI of 87 healthcare and 76 financial sector employees in the United States. Each of the 163 participants offered four complete responses to produce 652 responses. Data analyses were via univariate GLM ANOVA F -tests in SPSS preceded by inspecting ordinal and disordinal interactions line plots. The results showed that PNSH, RWRD, and CTNC moderated one another to influence ISSP CI positively but differed from the healthcare to financial industry. The impact difference of PNSH on ISSP CI as moderated by RWRD was such that the severity of PNSH was more positively related to the employees' perceived ISSP CI in the financial but not the healthcare industry when RWRD was higher than when it was lower. Also, the main effects of PNSH and RWRD on employees' perceived CI were statistically significant at a comparatively higher power than the interactions effects for both industries while the main effect of CTNC on CI of employees was significant for the healthcare services industry only. Moreover, the type of industry (INDY) affected an employee's ISSP compliance intention with workers in healthcare having a higher perceived CI than those in the financial sector. These results suggest that management may need to complement SCM enforced by CTNC with drivers such as security training, security monitoring, and security policy that produce synergistic effects according to the need of the industry type for ensuring a positive influence on stakeholder compliance behavioral intentions.