Employees' Adherence to Information Security Policies: A Partial Replication

This paper conducts a partial replication of (Siponen et al. 2014) which developed a multi-theory based model that explained employees' adherence to security policies. Their paper combined elements from Protection Motivation Theory (PMT), the Theory of Reasoned Action, and Cognitive Evaluation Theory. This study is a partial conceptual replication of the PMT portion of their model. We collected our data from employees of a large mid-western university. Our results, based on 110 records contradict the findings of the original study. Where, three of the four constructs in the original study (Severity, Vulnerability, and Self-Efficacy) were found to be significant, our study found the opposite, the only significant path was Response Efficacy. Our study failed to replicate the findings in the original paper. Future studies are encouraged to methodically replicate the original study by using the same measures, treatments and statistics.