Abstract
The banking industry is highly prone to Information Systems (IS) security breaches from outside organizations and inside organizations. There are processes to monitor, detect, measure, and prevent IS security threats from an outside organization. However, inside organization threats to IS security are very challenging to monitor and detect, especially employee-related. The paper aims to understand how leadership plays a vital role in employee information systems security intention in the banking industry. Therefore, research applied full-range leadership style theory (FRLT) to assess the role of leadership style on employees’ information systems security intention. The study collects 517 responses from non-managerial bank employees from Brazilian banks using questionnaires and tested the theoretical relationship using partial least square structural equation modeling. The findings reveal that transformational leadership has a positive impact on the development of employee information systems security intention, whereas passive leadership harms employee intention toward information systems security. In addition to that results also show that age, education level, and work experience have moderating effects on employee intention toward information systems security. The research will help the banking industry to influence employee IS security intention through proactive and transformational leadership. In addition, it will also help leaders to understand employee intention toward information systems security aspects. The leadership role will enable IS security and flexibility in the organization.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Ajzen, I. (1991). ‘The theory of planned behavior. Organizational Behavior and Human Decision Processes, 50(2), 179–211.
Ajzen, I. (2011). The theory of planned behavior: Reactions and reflections. Psychology and Health, 26(9), 1113–1127.
Anderson, C. L., & Agarwal, R. (2010). Practicing safe computing: A multimethod empirical examination of home computer user security behavioral intentions. MIS Quarterly, 34(3), 613–643.
Avolio, B. J., & Bass, B. M. (2004). multifactor leadership questionnaire: Manual and sample set (3rd ed.). Mind Garden.
Baron, L., Rouleau, V., Grégoire, S., & Baron, C. (2018). Mindfulness and leadership flexibility. Journal of Management Development, 37(2), 165–177. https://doi.org/10.1108/JMD-06-2017-0213
Bass, B. M., et al. (1987). Transformational leadership and the falling dominoes effect. Group & Organization Management, 12(1), 73–87.
Bass, B. M., et al. (2003). ‘Predicting unit performance by assessing transformational and transactional leadership. Journal of Applied Psychology, 88(2), 207–218.
Bass, B. M., & Avolio, B. J. (1994). Improving organizational effectiveness through transformational leadership. Sage Publications.
Bhattacharya, D. (2011). Leadership styles and information security in small businesses. Information Management & Computer Security, 19(5), 300–312.
Birasnav, M., Mittal, R., & Dalpati, A. (2019). (2019) Integrating theories of strategic leadership, social exchange, and structural capital in the context of buyer-supplier relationship: An empirical study. Global Journal of Flexible Systems Management, 20, 219–236. https://doi.org/10.1007/s40171-019-00211-y
Birasnav, M., Mittal, R., & Loughlin, S. (2015). (2015) Linking leadership behaviors and information exchange to improve supply chain performance: A conceptual model. Global Journal of Flexible Systems Management, 16, 205–217. https://doi.org/10.1007/s40171-015-0092-2
Bono, J. E., & Judge, T. A. (2004). Personality and transformational and transactional leadership: A meta-analysis. Journal of Applied Psychology, 89(5), 901–910.
Boss, S. R., et al. (2015). What do systems users have to fear? Using fear appeals to engender threats and fear that motivate protective security behaviors. MIS Quarterly, 39(4), 837-U461.
Buch, R., Martinsen, Ø. L., & Kuvaas, B. (2015). ‘The destructiveness of laissez-faire leadership behavior: The mediating role of economic leader-member exchange relationships. Journal of Leadership and Organizational Studies, 22(1), 115–124.
Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2009). (2009) ‘Effects of individual and organization based beliefs and the moderating role of work experience on insiders’ good security behaviors’. International Conference on Computational Science and Engineering, 3, 476–481.
Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). ‘Information security policy compliance: An empirical study on rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), 523–548.
Burns, J. M. (1978). Leadership. Harper & Row.
Carrick, M., & Dunaway, C. (2017). Fit matters: How to love your job. India: Maven House.
Cavallari, M., (2012). Analysis of evidences about the relationship between organisational flexibility and information systems security. In Information systems: Crossroads for organization, management, accounting and engineering (pp. 439–447). Physica, Heidelberg.
Chan, M., Woon, I., & Kankanhalli, A. (2005). Perceptions of information security at the workplace: Linking Information security climate to compliant behavior. Journal of Information Privacy and Security, 1(3), 18–41.
Chauhan, R., Dwivedi, R., & Sherry, A. M. (2012). Critical success factors for offshoring of enterprise resource planning (ERP) implementations. Business Systems Research: International Journal of the Society for Advancing Innovation and Research in Economy, 3(1), 4–13.
Chen, X., et al. (2018). ‘Sanction severity and employees’ information security policy compliance: Investigating mediating, moderating, and control variables. Information and Management. Elsevier, 55(8), 1049–1060.
Chopra, S., Dwivedi, R., & Sherry, A. M. (2013). Leveraging technology options for financial inclusion in India. International Journal of Asian Business and Information Management (IJABIM), 4(1), 10–20.
Clarke, S., & Ward, K. (2006). The role of leader influence tactics and safety climate in engaging employees’ safety participation. Risk Analysis, 26(5), 1175–1185.
Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., & Baskerville, R. (2013). Future directions for behavioral information security research. Computers & Security, 32, 90–101.
D’Arcy, J., & Herath, T. (2011). A review and analysis of deterrence theory in the IS security literature: Making sense of the disparate findings. European Journal of Information Systems, 20(6), 643–658.
D’Arcy, J., Hovav, A., & Galletta, D. (2009). User awareness of security countermeasures and its impact on information systems misuse: A deterrence approach. Information Systems Research, 20(1), 79–98.
D’Arcy, J., & Lowry, P. B. (2019). ‘Cognitive-affective drivers of employees’ daily compliance with information security policies: A multilevel, longitudinal study. Information Systems Journal, 29(1), 43–69.
Dartey-Baah, K., Quartey, S. H. and Adotey, A. (2020) ‘Examining transformational and transactional leadership styles and safety citizenship behaviors in the power distribution sector: evidence from Ghana’. International Journal of Energy Sector Management, 15(1), 173–194. https://doi.org/10.1108/IJESM-07-2020-0008
Dhar, B. K., Stasi, A., Döpping, J. O., et al. (2022). (2022) Mediating role of strategic flexibility between leadership styles on strategic execution: A study on Bangladeshi private enterprises. Global Journal of Flexible Systems Management, 23, 409–420. https://doi.org/10.1007/s40171-022-00310-3
Dwivedi, P., Alabdooli, J. I., & Dwivedi, R. (2021a). Role of FinTech adoption for competitiveness and performance of the bank: A study of banking industry in UAE. JGBC, 16, 130–138. https://doi.org/10.1007/s42943-021-00033-9
Dwivedi, R., Alrasheedi, M., Dwivedi, P., & Starešinić, B. (2022). Leveraging financial inclusion through technology-enabled services innovation: A case of economic development in India. International Journal of E-Services and Mobile Applications (IJESMA), 14(1), 1–13.
Dwivedi, R., Jaffar Karim, F., & Starešinić, B. (2021b). Critical success factors of new product development: Evidence from select cases. Business Systems Research: International Journal of the Society for Advancing Innovation and Research in Economy, 12(1), 34–44.
Dwivedi, R., & Momaya, K. (2003). Stakeholder flexibility in e-business environment: A case of an automobile company. Global Journal of Flexible Systems Management, 4(3), 21–32.
Evans, S., & Bahrami, H. (2020). Super-flexibility in practice: insights from a crisis. Global Journal of Flexible Systems Management, 21(3), 207–214
Flores, W. R., & Ekstedt, M. (2016). Shaping intention to resist social engineering through transformational leadership, information security culture and awareness. Computers and Security. https://doi.org/10.1016/j.cose.2016.01.004
Goel, S., Dwivedi, R., & Sherry, A. M. (2012). Critical factors for successful implementation of E-governance programs: A case study of HUDA. Global Journal of Flexible Systems Management, 13(4), 233–244.
Groysberg, B., Lee, J., Price, J., & Cheng, J. (2018). The leader’s guide to corporate culture. Harvard Business Review, 96(1), 44–52.
Guhr, N., Lebek, B., & Breitner, M. H. (2019). The impact of leadership on employees’ intended information security behavior: An examination of the full-range leadership theory. Information Systems Journal, 29(2), 340–362.
Guo, K. H. (2013). Security-related behavior in using information systems in the workplace: A review and synthesis. Computers & Security. https://doi.org/10.1016/j.cose.2012.10.003
Hair, J. F., Jr., et al. (2016). A primer on partial least squares structural equation modeling (PLS-SEM). New York: Sage Publications.
Herath, T., & Rao, H. R. (2009a). Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness. Decision Support Systems, 47(2), 154–165.
Herath, T., & Rao, H. R. (2009b). Protection motivation and deterrence: A framework for security policy compliance in organizations. European Journal of Information Systems, 18(2), 106–125.
Hsu, J. S. C., et al. (2015). The role of extra-role behaviors and social controls in information security policy effectiveness. Information Systems Research, 26(2), 282–300.
Hu, Q., et al. (2012). Managing employee compliance with information security policies: The critical role of top management and organizational culture. Decision Sciences, 43(4), 615–660.
Humaidi, N., & Balakrishnan, V. (2015a). ‘Leadership styles and information security compliance behavior: The mediator effect of information security awareness. International Journal of Information and Education Technology, 5(4), 311.
Humaidi, N., & Balakrishnan, V. (2015b). The Moderating effect of working experience on health information system security policies compliance behavior. Malaysian Journal of Computer Science, 28(2), 70–92.
Jensen, U. T., et al. (2019). ‘Conceptualizing and measuring transformational and transactional leadership. Administration & Society, 51(1), 3–33.
Johnson, M., et al. (2021). Impact of big data and artificial intelligence on industry: developing a workforce roadmap for a data driven economy. Global Journal of Flexible Systems Management, 22(3), 197–217.
Kam, H. J., Ormond, D. K., Menard, P., & Crossler, R. E. (2022). That’s interesting: An examination of interest theory and self-determination in organizational cybersecurity training. Information Systems Journal. https://doi.org/10.1111/isj.12374
Kelloway, E. K., Mullen, J., & Francis, L. (2006). ‘Divergent effects of transformational and passive leadership on employee safety. Journal of Occupational Health Psychology, 11(1), 76–86.
Lebek, B., Guhr, N. and Breitner, M., (2014c). ‘Transformational leadership and employees’ information security performane: the mediating role of motivation and climate. ICIS 2014 Proceedings. 21. https://aisel.aisnet.org/icis2014/proceedings/ISSecurity/21
Lebek, B., Guhr, N. and Breitner, M. H. (2014b) ‘Transformational leadership and employees ’ information security performance : the mediating role of motivation and climate’. Thirty fifth international conference on information systems, Auckland.
Lebek, B., Uffen, J., Neumann, M., Hohler, B. and H. Breitner, M. (2014a). Information security awareness and behavior: A theory-based literature review. Management Research Review, 37(12), 1049–1092. https://doi.org/10.1108/MRR-04-2013-0085
Lehto, M., & Limnéll, J. (2021). Strategic leadership in cyber security, case Finland. Information Security Journal: A Global Perspective, 30(3), 139–148.
Liang, H., Xue, Y., & Wu, L. (2013). Ensuring employees’ IT compliance: Carrot or stick? Information Systems Research, 24(2), 279–294.
Loch, K. D., Carr, H. H., & Warkentin, M. E. (1992). Threats to information systems: Today’s reality, yesterday’s understanding. MIS Quarterly, 16(2), 173–186.
Luftman, J., Derksen, B., Dwivedi, R., Santana, M., Zadeh, H. S., & Rigoni, E. (2015). Influential IT management trends: An international study. Journal of Information Technology, 30(3), 293–305.
Lumb, D. (2017) Former equifax CEO blames breach on one IT employee, https://www.engadget.com/2017-10-03-former-equifax-ceo-blames-breach-on-one-it-employee.html (Accessed Aug 13, 2022).
Maalem Lahcen, R. A., Caulkins, B., Mohapatra, R., & Kumar, M. (2020). Review and insight on the behavioral aspects of cybersecurity. Cybersecurity, 3(1), 1–18.
Malhotra, N. K. (2019). Pesquisa de marketing: Uma orientação aplicada (7th ed.). Bookman.
Mbakop, A. M., Voufo, J., Biyeme, F., Ngozag, L. A., & Meva’a, L. (2021). Analysis of information flow characteristics in shop floor: state-of-the-art and future research directions for developing countries. Global Journal of Flexible Systems Management, 22(1), 43–53.
Moody, G. D., Siponen, M., & Pahnila, S. (2018). Toward a unified model of information security policy compliance. MIS Quarterly, 42(1), 285–311.
Ng, T. W. H. (2017). Transformational leadership and performance outcomes: Analyses of multiple mediation pathways. The Leadership Quarterly., 28(3), 385–417.
Piansoongnern, O. (2013). (2013) Flexible leadership for managing talented employees in the securities industry: A case study of Thailand. Global Journal of Flexible Systems Management, 14, 107–113. https://doi.org/10.1007/s40171-013-0036-7
Podsakoff, P. M., et al. (2003). Common method biases in behavioral research: A critical review of the literature and recommended remedies. Journal of Applied Psychology, 88(5), 879–903.
Podsakoff, P. M., et al. (2006). Relationships between leader reward and punishment behavior and subordinate attitudes, perceptions, and behaviors: A meta-analytic review of existing and new research. Organizational Behavior and Human Decision Processes, 99(2), 113–142.
Puzzanghera, J. (2017) ‘I don’t think we can pass a law that fixes stupid’: Lawmakers berate Equifax ex-CEO, https://www.latimes.com/business/la-fi-equifax-hearing-ceo-20171003-story.html (access Aug 14, 20122)
Rafferty, A. E., & Griffin, M. A. (2004). Dimensions of transformational leadership: Conceptual and empirical extensions. The Leadership Quarterly, 15(3), 329–354.
Salter, C. R., Harris, M. H. and McCormack, J. (2014) ‘Bass & Avolio’s full range leadership model and moral development’, E-Leader Milan.
Simmering, M. J., et al. (2015). Marker variable choice, reporting, and interpretation in the detection of common method variance: A review and demonstration. Organizational Research Methods, 18(3), 473–511.
Siponen, M., Adam Mahmood, M., & Pahnila, S. (2014). Employees’ adherence to information security policies: An exploratory field study. Information & Management., 51(2), 217–224.
Siponen, M., & Vance, A. (2010). Neutralization: new insights into the problem of employee information systems security policy violations. MIS Quarterly, 34(3), 487–502.
Son, J.-Y. (2011). Out of fear or desire? Toward a better understanding of employees’ motivation to follow IS security policies. Information & Management., 48(7), 296–302.
Stewart, J. (2006) ‘Transformational leadership: An evolving concept examined through the works of burns, bass, avolio, and leithwood’. Canadian Journal of Educational Administration and Policy, (54). https://cdm.ucalgary.ca/index.php/cjeap/article/view/42735
Stewart, J. S., et al. (2017). ‘Managing millennials: Embracing generational differences’, Business Horizons. ‘kelley School of Business, Indiana University,’ 60(1), 45–54.
Sushil, (2000). Concept of systemic flexibility. Global Journal of Flexible Systems Management, 1(1), 77–88.
Sushil,. (2014). Leadership for practicing flowing stream strategy. Global Journal of Flexible Systems Management, 15, 89–90. https://doi.org/10.1007/s40171-014-0063-z
Smith R. Testimony (Octover 2017)://efaidnbmnnnibpcajpcglclefindmkaj/https://docs.house.gov/meetings/IF/IF17/20171003/106455/HHRG-115-IF17-Wstate-SmithR-20171003.pdf
Tremblay, M., & Gibson, M. (2016). The role of humor in the relationship between transactional leadership behavior, perceived supervisor support, and citizenship behavior. Journal of Leadership and Organizational Studies, 23(1), 39–54.
Tunggal A. B., (2022) What is the cost of a data breach in 2022?, Data breaches, upguard.com, https://www.upguard.com/blog/cost-of-data-breach (Accessed on Aug 13, 2022)
Vodanovich, S., Sundaram, D., & Myers, M. (2010). Digital natives and ubiquitous information systems. Information Systems Research, 21(4), 711–723.
Walumbwa, F. O., Wu, C., & Orwa, B. (2008). Contingent reward transactional leadership, work attitudes, and organizational citizenship behavior: The role of procedural justice climate perceptions and strength. The Leadership Quarterly, 19(3), 251–265.
Webb, T. L., & Sheeran, P. (2006). Does changing behavioral intentions engender behavior change? A meta-analysis of the experimental evidence. Psychological Bulletin, 132(2), 249–268.
Winkfield, Marcus A.; Parrish, James L.; and Tejay, Gurvirender, "Information systems security leadership: An empirical study of behavioral influences" (2017). AMCIS 2017 Proceedings. 2. https://aisel.aisnet.org/amcis2017/HumanIS/Presentations/2
Yoshikuni, A. C., & Dwivedi, R. (2022). The role of enterprise information systems strategies enabled strategy-making on organizational innovativeness: A resource orchestration perspective. Journal of Enterprise Information Management. https://doi.org/10.1108/JEIM-10-2021-0442
Yoshikuni, A. C., Lucas, E. C., & Albertin, A. L. (2019). Strategic information systems enabling strategy-as-practice and corporate performance: Empirical evidence from PLS-PM, FIMIX-PLS and fsQCA. International Business Research, 12(1), 131.
Yukl, G., & Lepsinger, R. (2004). Flexible leadership: Creating value by balancing multiple challenges and choices. USA: John Wiley & Sons.
Zhu, Y. (2013). Individual behavior: In-role and extra-role. International Journal of Business Administration, 4(1), 23–27.
Funding
The author(s) received no financial support for the research, authorship, and/or publication of this article.
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Conflict of interest
The author(s) declared no potential conflicts of interest concerning the research, authorship, and/or publication of this article.
Ethical Approval
Not Applicable (The research is based on an anonymous survey).
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Almeida, M.C., Yoshikuni, A.C., Dwivedi, R. et al. Do Leadership Styles Influence Employee Information Systems Security Intention? A Study of the Banking Industry. Glob J Flex Syst Manag 23, 535–550 (2022). https://doi.org/10.1007/s40171-022-00320-1
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s40171-022-00320-1