Measuring the impact of intrinsic motivation on information security policy compliance

Most often, security breaches are related to internal employees due to their indirect or direct actions leading to information security policy (ISP) violations. Therefore, understanding employees’ intrinsic motivation and security behaviour towards ISP compliance is critical. Previous studies have identified different types of extrinsic motivation, such as complying with an ISP to avoid sanctions. This research adds an important contribution: intrinsic motivation is a more effective motivator because deterrence does not have a significant effect on employee behaviour. This thesis proposes a model which predicts that intrinsic motivation influences intentions towards ISP compliance. A combination of qualitative and quantitative approaches was used to evaluate the model via five stages.