tional behaviour (AL-Abrrow et al., 2019; Mai et al., 2016b), job satisfaction, commitment
and intention to leave (Trybou and Gemmel, 2016), user resistance for the information sys-
tem implementation (Lin et al., 2018), trust in organisation (Abela and Debono, 2019), and
productive work behaviour (Ma et al., 2019). PCB could lead to cybercrime conducted as a
result of insider threat brought about by the PCB. However, this has not been thoroughly
investigated.
2.2 The Relationship Between Psychological Contracts and Inten-
tion to comply with Information Security Policies
ISP (Information Security Policy) refers to any document that covers security programs,
system controls and user behaviour within an organisation to realise security objectives
(Landoll, 2017). ISP can be categorised into four levels: organisational-level policies, secu-
rity program-level policies, user-level policies, and system and control-level policies. Among
these, the present study focuses on user-level policies in order to identify an employee’s
psychological factors that influence their behaviour and intentions. According to ISO (In-
ternational Standards Organisation) 27001/2, user-level policies consist of eight elements;
security responsibility agreement, acceptable use of assets, security awareness program, re-
movable media disposal procedures, document control plan, mobile device security policy,
telework security policy, and disciplinary process (Landoll, 2017).
As cybercrime increases and becomes more severe and sophisticated, organisations put
greater effort into information security risk management by implementing security measures
and policies. Nonetheless, not only is the establishment of ISP within the organisation
required, but employees must actively comply with ISP, playing a key role in substantially
protecting cyber threats. Especially these days when social engineering is prevalent, the
importance of encouraging employees to conform to ISP is increasingly emphasised (Flores
and Ekstedt, 2016). Therefore, it is expected that not only the information systems but also
the users are obliged to adhere to the ISP statements.
However, if employees do not understand the importance of ISP compliance and are not
willing to comply with it, all the technical measures and strategies that organisations have
put in place will be in vain (Herath and Rao, 2009b). Hence, human factors affecting ISP
compliance intentions are needed to be understood to encourage their motivation.
The PCB has been proposed as one of the most important factors influencing employees
to perform security behaviours and to comply with security procedures. Leach (2003) stated
that employees are psychologically pressured to act in accordance with the expectations of
the organisation by voluntarily limiting and maintaining their behaviours within the range
of accepted practices. Therefore, if employees feel that the company breached their psycho-
logical contract, they could feel exasperated and compelled to get even with the company.
In addition, Abraham (2011) proposed PCB as one of the most influential factors associ-
ated with psychological ownership, organisational commitment, trust, as well as procedural
justice.
While the necessity of investigating the impact of PCB in IS security has been increased,
relevant empirical studies have not been sufficiently conducted. To the best of our knowledge
there has been only one relevant empirical study: Han et al. (2017a) examined the mediating
3