Positive emotions and employees’ protection-motivated behaviours: a moderated mediation model

    Jie Zhen Affiliation
    ; Zongxiao Xie Affiliation
    ; Kunxiang Dong Affiliation


This study explores the relationship between positive emotions and protection-motivated behaviours by focusing on the mediating role of self-efficacy and the moderating role of information security awareness. Based on a sample of 215 full-time employees from various organizations in China, the results of hierarchical regression and moderated path analysis indicate that positive emotions positively influence protection-motivated behaviours, and self-efficacy partially mediates this relationship. In addition, information security awareness has a positive moderating effect on the relationships between positive emotions and self-efficacy and between self-efficacy and protectionmotivated behaviours. Furthermore, the findings show that information security awareness has a positive moderating effect on the mediating effect of self-efficacy between positive emotions and protection-motivated behaviours. The theoretical and practical implications of these results, as well as directions for future research, are discussed.

Keyword : protection-motivated behaviours, positive emotions, information security awareness, self-efficacy, protection motivation theory, broaden-and-build theory

How to Cite
Zhen, J. ., Xie, Z. ., & Dong, K. . (2020). Positive emotions and employees’ protection-motivated behaviours: a moderated mediation model. Journal of Business Economics and Management, 21(5), 1466-1485.
Published in Issue
Sep 11, 2020
Abstract Views
PDF Downloads
Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.


Ahlan, A. R., Lubis, M., & Lubis, A. R. (2015). Information security awareness at the knowledge-based institution: Its antecedents and measures. Procedia Computer Science, 72, 361–373.

Anderson, C., Baskervill, R. L., & Kaul, M. (2017). Information security control theory: Achieving a sustainable reconciliation between sharing and protecting the privacy of information. Journal of Management Information Systems, 34(3), 1082–1112.

Bagozzi, R. P., Yi, Y., & Phillips, L. W. (1991). Assessing construct validity in organizational research. Administrative Science Quarterly, 36(3), 421–458.

Beaudry, A., & Pinsonneault, A. (2010). The other side of acceptance: Studying the direct and indirect effects of emotions on information technology use. MIS Quarterly, 34(4), 689–710.

Belanger, F., Collignon, S., Enget, K., & Negangard, E. (2017). Determinants of early conformance with information security policies. Information & Management, 54(7), 887–901.

Bhattacherjee, A. (2001). Understanding information systems continuance: An expectation-confirmation model. MIS Quarterly, 25(3), 351–370.

Bledow, R., Rosing, K., & Frese, M. (2013). A dynamic perspective on affect and creativity. Academy of Management Journal, 56(2), 432–450.

Boss, S. R., Galletta, D. F., Lowry, P. B., Moody, G. D., & Polak, P. (2015). What do systems users have to fear? Using fear appeals to engender threats and fear that motivate protective behaviors. MIS Quarterly, 39(4), 837–864.

Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information security compliance: An empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), 523–548.

Burns, A. J., Posey, C., Roberts, T. L., & Lowry, P. B. (2017). Examining the relationship of organizational insiders’ psychological capital with information security threat and coping appraisals. Computers in Human Behavior, 68, 190–209.

Burns, A. J., Roberts, T. L., Posey, C., & Lowry, P. B. (2019). The adaptive roles of positive and negative emotions in organizational insiders’ engagement in security-based precaution taking. Information Systems Research, 30(4), 1228–1247.

Chatterjee, D., & Ravichandran, T. (2013). Governance of interorganizational information systems: A resource dependence perspective. Information Systems Research, 24(2), 261–278.

Chen, X., Wu, D., Chen, L., & Teng, J. K. L. (2018). Sanction severity and employees’ information security policy compliance: Investigating mediating, moderating, and control variables. Information & Management, 55(8), 1409–1060.

Chen, Y., Wang, Y., Nevo, S., Jin, J., Wang, L., & Chow, W. S. (2014). IT capability and organizational performance: the roles of business process agility and environmental factors. European Journal of Information Systems, 23(3), 326–342.

Cheng, L., Li, Y., Li, W., & Holm, E. (2013). Understanding the violation of IS security policy in organizations: An integrated model based on social control and deterrence theory. Computers & Security, 39, 447–459.

Cram, W. A., D’Arcy, J., & Proudfoot, J. (2019). Seeing the forest and the trees: A meta-analysis of the antecedents to information security policy compliance. MIS Quarterly, 43(2), 525–554.

Cram, W. A., Proudfoot, J. G., & D’Arcy, J. (2017). Organizational information security policies: A review and research framework. European Journal of Information Systems, 26(6), 605–641.

Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., & Baskerville, R. (2013). Future directions for behavioural information security research. Computers & Security, 32, 90–101.

D’Arcy, J., Herath, T., & Shoss, M. K. (2014). Understanding employee response to stressful information security requirement: A coping perspective. Journal of Management Information Systems, 31(2), 285–318.

D’Arcy, Y. J., Hovav, A., & Galletta, D. (2009). User awareness of security countermeasures and its impact on information systems misuse: A deterrence approach. Information Systems Research, 20(1), 79–88.

Dinev, T., & Hu, Q. (2007). The centrality of awareness in the formation of user behavioral intention toward protective information technologies. Journal of the Association for Information Systems, 8(7), 386–408.

Edwards, J. R., & Lambert, L. S. (2007). Methods for integrating moderation and mediation: A general analytical framework using moderated path analysis. Psychological Methods, 12(1), 1–22.

Fredrickson, B. L. (2001). The role of positive emotions in positive psychology: The broaden-and-built theory of positive emotions. American Psychologist, 56(3), 218–226.

George, J. M., & Zhou, J. (2007). Dual tuning in a supportive context: Joint contributions of positive mood, negative mood, and supervisory behaviors to employee creativity. Academy of Management Journal, 50(3), 605–622.

Gulenko, I. (2014). Improving passwords: Influence of emotions on security behaviour. Information Management & Computer Security, 22(2), 167–178.

Hooge, I. E., Nelissen, R. M., Breugelmans, S. M., & Zeelenberg, M. (2011). What is moral about guilt? Acting “prosaically” at the disadvantage of others. Journal of Personality and Social Psychology, 100(3), 462–473.

Hwang, I., & Cha, O. (2018). Examining technostress creators and role stress as potential threats to employees’ information security compliance. Computers in Human Behavior, 81, 282–293.

Ifinedo, P. (2012). Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory. Computers & Security, 31(1), 83–95.

Ifinedo, P. (2014). Information systems security policy compliance: An empirical study of the effects of socialization, influence, and cognition. Information & Management, 51(1), 69–79.

Izard, C. E. (2002). Translating emotion theory and research into preventive interventions. Psychological Bulletin, 128(5), 796–824.

Johnston, A. C., & Warkentin, M. (2010). Fear appeals and information security behaviors: An empirical study. MIS Quarterly, 34(3), 549–566.

Johnston, A. C., Warkentin, M., & Siponen, M. (2015). An enhanced fear appeal rhetorical framework: Leveraging threats to the human asset through sanction rhetoric. MIS Quarterly, 39(1), 113–134.

Johnston, A. C., Warkentin, M., Mcbride, M., & Carter, L. (2016). Dispositional and situational factors: Influences on information security policy violations. European Journal of Information Systems, 25(3), 231–251.

Kaplan, S., LaPort, K., & Waller, M. J. (2013). The role of positive affectivity in team effectiveness during crises. Journal of Organizational Behavior, 34(4), 473–491.

Karjalainen, M., Sarker, S., & Siponen, M. (2019). Toward a theory of information systems security behaviors of organizational employees: A dialectical process perspective. Information Systems Research, 30(2), 687–704.

Khan, B., Alghathbar, K. S., Nabi, S. I., & Khan, K. (2011). Effectiveness of information security awareness methods based on psychological theories. African Journal of Business Management, 5(5), 10862–10868.

Khan, H. U., & AlShare, K. A. (2019). Violators versus non-violators of information security measures in organizations – A study of distinguishing factors. Journal of Organizational Computing and Electronic Commerce, 29(1), 4–23.

Larose, R., Rifon, N. J., & Enbody, R. (2008). Promoting personal responsibility for internet safety. Communications of the ACM, 51(3), 71–76.

Lazarus, R. S. (1991). Progress on a cognitive-motivational-relational theory of emotion. American Psychologist, 46(8), 819–834.

Lee, C., Lee, C. G., & Kim, S. (2016). Understanding information security stress: Focusing on the type of information security compliance activity. Computers & Security, 59, 60–70.

Moody, G. D., Siponen, M., & Pahnila, S. (2018). Toward a unified model of information security policy compliance. MIS Quarterly, 42(1), 285–311.

Niemimaa, E., & Niemimaa, M. (2017). Information systems security policy implementation in practice: From best practices to situated practices. European Journal of Information Systems, 26(1), 1–20.

Parsons, K., McCormac, A., Butavicious, M., Pattinson, M., & Jerram, C. (2014). Determining employee awareness using the human aspects of information security questionnaire. Computers & Security, 42, 165–176.

Pham, N. T., Tuckova, Z., & Pham, Q. P. T. (2019). Greening human resource management and employee commitment towards the environment: An interaction model. Journal of Business Economics and Management, 20(3), 446–465.

Posey, C., Roberts, T. L., & Lowry, P. B. (2015). The impact of organizational commitment on insiders’ motivation to protect organizational information assets. Journal of Management Information Systems, 32(4), 179–214.

Posey, C., Roberts, T. L., Lowry, P. B., & Bennett, R. (2013). Insiders’ protection of organization of organizational information assets: Developing of a systematic-based taxonomy and theory of diversity for protection-motivated behaviors. MIS Quarterly, 37(4), 1189–1210.

Posey, C., Roberts, T. L., Lowry, P. B., & Hightower, R. T. (2014). Bridging the divide: A qualitative comparison of information security thought patterns between information security professionals and ordinary organization insiders. Information & Management, 51(5), 551–567.

Puhakainen, P., & Siponen, M. (2010). Improving employees’ compliance through information systems security training: An action research study. MIS Quarterly, 34(4), 757–778.

Rai, A., & Tang, X. (2010). Leveraging IT capabilities and competitive process capabilities for the management of interorganizational relationship portfolios. Information Systems Research, 21(3), 516–542.

Rezgui, Y., & Marks, A. (2008). Information security awareness in higher education: An exploratory study. Computers & Security, 27(7–8), 241–253.

Shaw, R. S., Chen, C. C., Harris, A. L., & Huang, H. (2009). The impact of information richness on information security awareness training effectiveness. Computers & Education, 52(1), 92–100.

Shih, T., & Yang, C. (2019). Generating intangible resources and international performance: Insights into enterprises organizational behaviour and capability at trade shows. Journal of Business Economics and Management, 20(6), 1022–1044.

Siponen, M., & Vance, A. (2010). Neutralization: New insights into the problem of employee information systems security policy violations. MIS Quarterly, 34(3), 487–502.

Siponen, M., Adam, M. A., & Pahnila, S. (2014). Employees’ adherence to information security policies: An exploratory field study. Information & Management, 51(2), 217–224.

Smith, S., Winchester, D., Bunker, D., & Jamieson, R. (2010). Circuits of power: A study of mandated compliance to an information systems security de jure standard in a government organization. MIS Quarterly, 34(3), 463–486.

Tsohou, A., Karyda, M., Kokolakis, S., & Kiountouzis, E. (2013). Managing the introduction of information security awareness programs in organizations. European Journal of Information Systems, 24(1), 38–58.

Vance, A., Siponen, M., & Pahnila, M. (2012). Motivating IS security compliance: Insights from habit and protection motivation theory. Information & Management, 49(3–4), 190–198.

Willson, R., & Warkentin, M. (2013). Beyond deterrence: An expanded view of employee computer abuse. MIS Quarterly, 37(1), 1–20.