Moral Hazard in Compliance: the Impact of Moral Intensity and Competing Values

This study highlights moral hazard in information systems security policy compliance arising from the fact that it is the employee who bears the compliance cost but it is the organization that bears the consequences of noncompliance. We have built a model that not only evaluates both threat appraisal and coping appraisal, but also more adequately accounts for moral hazard in compliance arising from cost-consequence misalignment. Our model incorporates the concept or moral intensity and highlights the role of employee proximity to the organization and the role of organization type in employee ISSP compliance. We have proposed concrete measures to reduce the cost-consequence alignment and moral hazard in compliance.