Companies are increasing their investment in technologies to enable better access to information and to gain a competitive advantage. Global competition is driving companies to reduce costs and enhance productivity, increasing their dependence on information technology. Information is a key asset within an organization and needs to be protected. Expanded connectivity and greater interdependence between companies and consumers has increased the damage potential of a security breach to a company's information systems. Improper unauthorized use of computer systems can create a devastating financial loss even to the point of causing the organization to go out of business. It is critically important to understand what causes users to understand, accept and to follow the organization's information systems security measures so that companies can realize the benefits of their technological investments. In the past several years, computer security breaches have stemmed from insider misuse and abuse of the information systems and non-compliance to the information systems security measures. The purpose of this study was to address the factors that affect employee acceptance of information systems security measures.

The Technology Acceptance Model was extended and served as the theoretical framework for this study to examine the factors that affect employee adoption of information systems security measures. The research model included three independent dimensions, perceived ease of use, perceived usefulness and subjective norm. These constructs were hypothesized to predict intention to use information systems security measures, moderated by management support affecting subjective norm. Five hypotheses were posited. A questionnaire was developed to collect data from employees across multiple industry segments to test these hypotheses. Partial least squares statistical methodology was used to analyze the data and to test the hypotheses. The results of the statistical analysis supported three of the five hypotheses with subjective norm and management support showing the strongest effect on intention to use information systems security measures.

Few studies have used TAM to study acceptance of systems in a mandatory environment and to specifically examine the employee acceptance of computer information systems security measures. This study, therefore, adds to the body of knowledge. Further, it provides important information for senior management and security professionals across multiple industries regarding the need to develop security policies and processes and to effectively communicate them throughout the organization and to design these measures to promote their use by employees in the organization.