Exploring the effects of organizational justice, personal ethics and sanction on internet use policy compliance

Internet security risks, the leading security threats confronting today’s organizations, often result from employees’ non-compliance with the internet use policy (IUP). Extant studies on compliance with security policies have largely ignored the impact of intrinsic motivation on employees’ compliance intention. This paper proposes a theoretical model that integrates an intrinsic self-regulatory approach with an extrinsic sanction-based command-and-control approach to examine employees’ IUP compliance intention. The self-regulatory approach centers on the effect of organizational justice and personal ethical objections against internet abuses. The results of this study suggest that the self-regulatory approach is more effective than the sanction-based command-and-control approach. Based on the self-regulatory approach, organizational justice not only influences IUP compliance intention directly but also indirectly through fostering ethical objections against internet abuses. This research provides empirical evidence of two additional effective levers for enhancing security policy compliance: organizational justice and personal ethics.