How Do Paternalistic Leaders Motivate Employees' Information Security Compliance? Building a Climate and Applying Sanctions

This paper examines the underlying mechanisms through which paternalistic leadership (PL) motivates employees' information systems policy (ISP) compliance. We propose that the three dimensions of PL-authoritarian leadership (AL), benevolent leadership (BL), and moral leadership (ML)-influence employees' ISP compliance by affecting their perceptions of two information security control mechanisms: sanctions and the information security climate. Based on survey data from 760 participants, we found that the impact of AL is partially mediated by employees' perceptions of sanctions, the impact of BL is partially mediated by employees' perceptions of the information security climate, and the impact of ML is partially mediated by employees' perceptions of both sanctions and the information security climate. Our research extends the existing literature by exploring the impact of specific leadership styles on employees' perceptions of information security control mechanisms and by proposing that perceptions of information security control mechanisms play a mediating role between PL and ISP compliance. The findings suggest that in addition to choosing effective control mechanisms, it is also important for leaders to adjust their leadership style to ensure that employees perceive control mechanisms in the expected manner.