Abstract:Deterrence theory has been widely adopted in the study of information security management; however, evidence frequently presents sometimes contradictory results. Prior meta-analytic studies have focused primarily on the use of formal deterrence constructs to predict security-compliant behavior, while informal deterrence constructs and security-risk behavior are often neglected as a result. This study aims to meta-analyze the relationships formed between both formal/informal deterrence constructs and security-compliant/risk behaviors in a comprehensive manner beyond what has taken place in prior IS security meta-analysis based on deterrence theory. By searching multiple electronic databases, we have located 40 studies, along with 108 effect sizes, pertinent to our study's purpose. Inverse variance method weighted with sample sizes was used to determine mean effect sizes. The random-effects model was used to report meta-analysis results since Q, I2, and H index showed some degree of heterogeneity existent in the collected data. Publication bias was assessed by means of fail-safe N. All proposed relationships occurring between formal/informal deterrence constructs and security-compliant/-risk behaviors were supported. Formal deterrence constructs exerted weak to moderate effects on security behavior, while informal deterrence constructs exerted moderate to strong effects on security behavior. Further, informal deterrence constructs showed greater mean effect sizes than formal deterrence constructs. Additionally, prediction intervals of deterrence constructs, along with detection certainty, included zero, which indicated that moderators may be present. Based on these findings, the mean effect sizes of deterrence constructs may be more clearly identified when dividing security behavior into both compliant- and risk- behaviors. Further moderators might be employed to improve the inconsistent findings evidenced in deterrence theory.

A meta-analysis of the deterrence theory in security-compliant and security-risk behaviors

A Meta-Analysis of Deterrence Theory in Information Security Policy Compliance Research

Does One Size Fit All? Examining the Differential Effects of IS Security Countermeasures

Violation with Concerns of Safety: A Study on Non-Compliant Behavior and the Antecedent and Consequent Effects in Power Grid Construction

Common Misunderstandings of Deterrence Theory in Information Systems Research and Future Research Directions

Does Deterrence Work in Reducing Information Security Policy Abuse by Employees?

Information Security Policy Noncompliance: an Integrative Social Influence Model.

Examining the Differential Effectiveness of Fear Appeals in Information Security Management Using Two-Stage Meta-Analysis

Study on e-government information misuse based on General Deterrence Theory

Study on the Impact of Security Countermeasures on E-Government Information Misuse

Deterrence and prevention-based model to mitigate information security insider threats in organisations

Leveraging fairness and reactance theories to deter reactive computer abuse following enhanced organisational information security policies: an empirical study of the influence of counterfactual reasoning and organisational trust

The Dialectics of Corporate Deterrence

Sanction Severity and Employees' Information Security Policy Compliance: Investigating Mediating, Moderating, and Control Variables

Hospital Staff’s Adherence to Information Security Policy: A Quest for the Antecedents of Deterrence Variables

Effects of Security Knowledge, Self-Control, and Countermeasures on Cybersecurity Behaviors

Perceived Formal and Informal Sanctions in Deterring Cybercrime in a College Sample

The Empirical Study of Active Countermeasures Deterrence Impact on Internal E-Government Information Security

The Theory of Planned Behavior and Information Security Policy Compliance

The effects of knowledge mechanisms on employees' information security threat construal

Taking Promotion and Prevention Mechanisms Matter for Information Systems Security Policy in Chinese SMEs