Understanding compliance with internet use policy from the perspective of rational choice theory

Current studies on compliance with security policies have largely ignored the impact of the perceived benefits of deviant behavior, personal norms, and organizational context. Drawing on the literature in criminology, this paper applies rational choice theory to examine how employees' intention to comply with Internet use policy is driven by cost–benefit assessments, personal norms and organizational context factors. The results indicate that employees' compliance intention is the result of competing influences of perceived benefits, formal sanctions, and security risks. Furthermore, the effect of sanction severity is found to be moderated by personal norms.