Intentions to Comply Versus Intentions to Protect: A VIE Theory Approach to Understanding the Influence of Insiders’ Awareness of Organizational SETA Efforts

ABSTRACT In contemporary organizations, the protection of an organization's information assets is reliant on the behavior of those entrusted with access to organizational information and information systems (IS). Because of this reliance, organizations increasingly prioritize the training and education of employees through security education, training, and awareness (SETA) initiatives. Through expectancy theory and its central components of valence, instrumentality, and expectancy (VIE), we investigate the role of insiders’ awareness of organizational SETA efforts on two similar, yet distinct, security‐related intentions: intention to comply with information security policies (ISPs) and intention to protect the organization's information assets from their threats. Not only do we show how distinct these two concepts are from a quantitative standpoint, we also demonstrate differences between insiders’ compliance and protection intentions, as well as their motivational antecedents. Moreover, we demonstrate how our powerful, yet parsimonious, model based on expectancy theory explains a significant portion of the variance in these two important concepts: 52.7% in intentions to comply with ISPs and 68.1% in intentions to protect organizational information assets. We discuss the implications of our findings for research and practice and offer future research opportunities.