As internal data breaches pose growing threats, understanding the psychological drivers of employee compliance with information security (IS) policies is crucial. Drawing on person–environment fit and value congruence theory, this study examines how communication uncertainty, communication ambiguity, and value dissimilarity impact IS-related anxiety—distinguishing between prospective and inhibitory dimensions—and how such anxiety reduces compliance intention. Survey data from 397 employees reveal that unclear or ambiguous IS communication heightens both forms of anxiety, which subsequently undermines compliance. Prospective anxiety stems from future-oriented concerns, while inhibitory anxiety arises from confusion or paralysis in the present. Moreover, value dissimilarity amplifies these anxiety effects, indicating that misaligned IS values intensify employees’ psychological reactivity to communication breakdowns. These findings contribute theoretically by identifying dual anxiety pathways linking communication to compliance and highlighting value dissimilarity as a critical contextual moderator. Practically, the study emphasizes the need for clear communication and value congruence to support secure behavior.
AyyagariR.GroverV.PurvisR. (2011). Technostress: Technological antecedents and implications. MIS Quarterly, 35(4), 831–858. https://doi.org/10.2307/41409963
2.
BarlowJ. B.WarkentinM.OrmondD.DennisA. (2018). Don’t even think about it! The effects of antineutralization, informational, and normative communication on information security compliance. Journal of the Association for Information Systems, 19(8), 689–715. https://doi.org/10.17705/1jais.00506
BhattacherjeeA.PremkumarG. (2004). Understanding changes in belief and attitude toward information technology usage: A theoretical model and longitudinal test. MIS Quarterly, 28(2), 229–254. https://doi.org/10.2307/25148634
5.
BulgurcuB.CavusogluH.BenbasatI. (2010). Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), 523–548. https://doi.org/10.2307/25750690
6.
CarletonR. N.NortonM. P. J.AsmundsonG. J. (2007). Fearing the unknown: A short version of the Intolerance of Uncertainty Scale. Journal of Anxiety Disorders, 21(1), 105–117. https://doi.org/10.1016/j.janxdis.2006.03.014
7.
ChenH.LiuM.LyuT. (2022). Understanding employees’ information security–related stress and policy compliance intention: The roles of information security fatigue and psychological capital. Information & Computer Security, 30(5), 751–770. https://doi.org/10.1108/ICS-03-2022-0047
8.
ChenY.RamamurthyK.WenK. W. (2012). Organizations’ information security policy compliance: Stick or carrot approach?Journal of Management Information Systems, 29(3), 157–188. https://doi.org/10.2753/MIS0742-1222290305
9.
ChoI.ChoJ. (2012). Differentiating uncertainty and ambiguity in organizational communication: Antecedents and effects of uncertainty and ambiguity. Journal of Communication Research, 49(1), 220–258. https://doi.org/10.22174/jcr.2012.49.1.220
10.
CooperD. (2013). Dissimilarity and learning in teams: The role of relational identification and value dissimilarity. International Journal of Intercultural Relations, 37(5), 628–642. https://doi.org/10.1016/j.ijintrel.2013.06.005
11.
D’ArcyJ.HerathT.ShossM. K. (2014). Understanding employee responses to stressful information security requirements: A coping perspective. Journal of Management Information Systems, 31(2), 285–318. https://doi.org/10.2753/MIS0742-1222310210
12.
D’ArcyJ.TehP. L. (2019). Predicting employee information security policy compliance on a daily basis: The interplay of security-related stress, emotions, and neutralization. Information & Management, 56(7), 103151. https://doi.org/10.1016/j.im.2019.02.006
13.
EdwardsJ. R.CableD. M. (2009). The value of value congruence. Journal of Applied Psychology, 94(3), 654–677. https://doi.org/10.1037/a0014891
14.
EdwardsJ. R.CableD. M.WilliamsonI. O.LambertL. S.ShippA. J. (2006). The phenomenology of fit: Linking the person and environment to the subjective experience of person–environment fit. Journal of Applied Psychology, 91(4), 802–827. https://doi.org/10.1037/0021-9010.91.4.802
15.
EnzC. A. (1989). The moderating effects of value similarity and company philosophy on the climate-commitment relationship. International Journal of Value-Based Management, 2(2), 17–34. https://doi.org/10.1007/BF01714880
16.
ErkutluH.ChafraJ. (2018). Despotic leadership and organizational deviance: The mediating role of organizational identification and the moderating role of value congruence. Journal of Strategy and Management, 11(2), 150–165. https://doi.org/10.1108/JSMA-04-2017-0029
17.
FornellC.LarckerD. F. (1981). Evaluating structural equation models with unobservable variables and measurement error. Journal of Marketing Research, 18(1), 39–50. https://doi.org/10.1177/002224378101800104
18.
HayesA. F. (2017). Introduction to mediation, moderation, and conditional process analysis: A regression-based approach. Guilford Press.
19.
HwangI.ChaO. (2018). Examining technostress creators and role stress as potential threats to employees’ information security compliance. Computers in Human Behavior, 81, 282–293. https://doi.org/10.1016/j.chb.2017.12.022
20.
HwangI.KimD.KimT.KimS. (2017). Why not comply with information security? An empirical approach for the causes of non-compliance. Online Information Review, 41(1), 2–18. https://doi.org/10.1108/OIR-11-2015-0358
21.
HwangI.SeoR. (2025). Mitigating security stress: Exploring the contingent role of collaborative communication in enhancing information security compliance. Computers & Security, 151, Article 104326. https://doi.org/10.1016/j.cose.2025.104326
22.
JohnstonA. C.WarkentinM.DennisA. R.SiponenM. (2019). Speak their language: Designing effective messages to improve employees’ information security decision making. Decision Sciences, 50(2), 245–284. https://doi.org/10.1111/deci.12328
23.
Kristof-BrownA. L.ZimmermanR. D.JohnsonE. C. (2005). Consequences of individuals’ fit at work: A meta-analysis of person–job, person–organization, person–group, and person–supervisor fit. Personnel Psychology, 58(2), 281–342. https://doi.org/10.1111/j.1744-6570.2005.00672.x
24.
LeeC.LeeC. C.KimS. (2016). Understanding information security stress: Focusing on the type of information security compliance activity. Computers & Security, 59, 60–70. https://doi.org/10.1016/j.cose.2016.02.004
25.
LeeD. J.LeeM.SuhJ. (2007). Benevolence in the importer-exporter relationship: Moderating role of value similarity and cultural familiarity. International Marketing Review, 24(6), 657–677. https://doi.org/10.1108/02651330710832649
26.
McCormacA.CalicD.ParsonsK.ButaviciusM.PattinsonM.LillieM. (2018). The effect of resilience and job stress on information security awareness. Information & Computer Security, 26(3), 277–289. https://doi.org/10.1108/ICS-03-2018-0032
27.
NunnallyJ. C. (1978). Psychometric theory (2nd ed.). McGraw-Hill.
28.
OstroffC.ShinY.KinickiA. J. (2005). Multiple perspectives of congruence: Relationships between value congruence and employee attitudes. Journal of Organizational Behavior, 26(6), 591–623. https://doi.org/10.1002/job.333
29.
PodsakoffP. M.MacKenzieS. B.LeeJ. Y.PodsakoffN. P. (2003). Common method biases in behavioral research: A critical review of the literature and recommended remedies. Journal of Applied Psychology, 88(5), 879–903. https://doi.org/10.1037/0021-9010.88.5.879
30.
RuckK.WelchM. (2012). Valuing internal communication: Management and employee perspectives. Public Relations Review, 38(2), 294–302. https://doi.org/10.1016/j.pubrev.2011.12.016
31.
ShadbadF. N.BirosD. (2022). Technostress and its influence on employee information security policy compliance. Information Technology & People, 35(1), 119–141. https://doi.org/10.1108/ITP-09-2020-0610
32.
SuarD.KhuntiaR. (2010). Influence of personal values and value congruence on unethical practices and work behavior. Journal of Business Ethics, 97, 443–460. https://doi.org/10.1007/s10551-010-0517-y
33.
TamC.de Matos ConceiçãoC.OliveiraT. (2022). What influences employees to follow security policies?Safety Science, 147, Article 105595. https://doi.org/10.1016/j.ssci.2021.105595
34.
TrangS.NastjukI. (2021). Examining the role of stress and information security policy design in information security compliance behaviour: An experimental study of in-task behaviour. Computers & Security, 104, Article 102222. https://doi.org/10.1016/j.cose.2021.102222
35.
Van den HooffB.De RidderJ. A. (2004). Knowledge sharing in context: The influence of organizational commitment, communication climate and CMC use on knowledge sharing. Journal of Knowledge Management, 8(6), 117–130. https://doi.org/10.1108/13673270410567675
36.
WixomB. H.WatsonH. J. (2001). An empirical investigation of the factors affecting data warehousing success. MIS Quarterly, 25(1), 17–41. https://doi.org/10.2307/3250957
37.
YaylaA.LeiY. (2018). Information security policies and value conflict in multinational companies. Information & Computer Security, 26(2), 230–245. https://doi.org/10.1108/ICS-08-2017-0061
38.
YazdanmehrA.LiY.WangJ. (2023). Employee responses to information security related stress: Coping and violation intention. Information Systems Journal, 33(3), 598–639. https://doi.org/10.1111/isj.12417
39.
YoungbloodS. A. (2012). Balancing the rhetorical tension between right to know and security in risk communication: Ambiguity and avoidance. Journal of Business and Technical Communication, 26(1), 35–64. https://doi.org/10.1177/1050651911421123
40.
ZhangJ.BloemerJ. (2011). Impact of value congruence on affective commitment: Examining the moderating effects. Journal of Service Management, 22(2), 160–182. https://doi.org/10.1108/09564231111124208
