Employees' in-role and extra-role information security behaviors from the P-E fit perspective

Organizations are increasingly seeking ways to encourage employee in-role and extra-role information security (InfoSec) behaviors for enhancing organizational InfoSec. One important consideration is the InfoSec congruence between the person and the organizational environment. Accordingly, drawing on person–environment (P–E) fit theory, we conducted an empirical investigation that examined (1) the effect of key components in organizational InfoSec management practice on InfoSec value P–E fit, and (2) the role of InfoSec value P–E fit on employees’ InfoSec in-role and extra-role behaviors in the organization. The results suggest that three practices—InfoSec policies; security education, training, and awareness programs; and computer monitoring—cultivate InfoSec value P–E fit, leading to an increase in employees’ InfoSec in-role and extra-role behaviors.