Information security compliance behaviour in supply chain security
Since the September 11, 2001, terrorist attacks on the United States of America the cross-border supply chain has been operating in a heightened security environment. As a result, supply chain security (SCS) has received more attention both academically and professionally. To ensure the secure and smooth operation within heightened security conditions, leading international trading nations have developed several SCS initiatives collectively known as the Global Supply Chain Security (GSCS) initiatives. The GSCS initiatives dictate or advocate several security standards and demand full compliance from trading partners. One of the most important requirements of these standards is information security compliance because one of the most critical tools in combating terrorism is the intelligence gathered from information relating to cargo and its conveyances. This calls for a complex understanding of the information security compliance behaviour of market stakeholders such as traders, freight forwarders and the customs brokers, something which the existing literature does not provide. In particular, this emerging area of SCS research has not fully examined SCS in the context of GSCS initiatives. This study accordingly develops a framework for understanding information security compliance behaviour (ISCB) by formulating an aggregated model using existing theoretical frameworks such as institutional theory and social exchange theory. This study hypothesizes that there are three organizational perceptions that drive compliance behaviour: (1) perception of threats; (2) perception of norms; and (3) perception of benefits. Further, it was hypothesized that these drivers are influenced by five elements that belong to two distinctive groups, namely inter-organizational influences and rules and norms of social exchange. The inter-organizational influences consist of three elements: (1) regular demands, (2) market influence, and (3) peer pressure, while the rules and norms of social exchange are classified under reciprocity or fairness. As this is an emerging research context with limited relevant literature, a sequential mixed methods design was used to operationalize the study. The qualitative phase of this research evaluated the relevance of the constructs used in the model, which was tested in the quantitative phase. The qualitative phase was conducted with a set of interviews among 15 market stakeholders consisting of traders, freight forwarders and customs brokers. To test the quantitative model, 205 participants from the same categories were studied as the sample. To test the model partial least squares (PLS) regression analysis was applied to a structured equation model. The findings suggest that there are three significant drivers that affect ISCB, two of which lead to substantial compliance behaviour and the other to symbolic compliance behaviour. Further, the study also reveals that four of the five identified elements are significant in influencing the drivers affecting compliance behaviour. This study has both significant theoretical and practical implications. The theoretical contributions include the development of an aggregated model which explains ISCB in an inter-organizational context. From the practical aspect, this study contributes by providing a framework to identify the effectiveness of the existing security regimes in enforcing ISCB in SCS, as well as ways to enhance this process.