Motivating employees to engage in extra-role security behaviors: the role of information security climate and leader–member exchange

Abstract

Purpose With security breaches in modern organizations increasingly linked to human factors, strengthening the “human firewall” has become essential. This study investigates how organizations can promote extra-role security behaviors – voluntary actions beyond formal responsibilities. Drawing on social information processing theory, we argue that employees interpret organizational and relational cues to shape their security behaviors. Within this framework, we incorporate leader–member exchange (LMX) theory to propose that information security (IS) climate elements (practice, importance and laxness) and LMX quality play critical roles in fostering employees' voluntary security actions. Design/methodology/approach This study used a 2-step testing process for the survey and adopted a partial least squares-structural equation modeling to test the proposed model with a sample of 564 validated responses. Findings The findings indicate that IS climate elements increase IS awareness and beliefs, leading to enhanced extra-role security behaviors. Furthermore, LMX has direct and moderating effects on extra-role security behaviors, significantly contributing to the field of behavioral IS. Originality/value This study offers a novel perspective by highlighting the roles of IS climate and LMX in shaping extra-role security behaviors. By focusing on voluntary security actions rather than compliance-driven behaviors, it diverges from prior research and provides a distinct theoretical contribution to the behavioral IS literature.