Information security is a multilevel phenomenon with employee security decisions being influenced by macrolevel factors (e.g., organizational policies), mesolevel factors (e.g., one's immediate workgroup—IW), and microlevel factors (e.g., individual personalities). We argue that an employee's local IW (i.e., immediate supervisor and coworkers) has a strong effect on security. This paper focuses on the effects of these mesolevel factors in the presence of macro-and microlevel factors. Drawing on the social structure and social learning framework as well as workgroup research, we hypothesize that the security behavior of an employee's IW supervisor and coworkers moderated by the nature of these relationships influences information security decisions. Our research, based on a sample of 217 full-time employees, reveals that the IW significantly affects security decisions, over and above the micro-and macrolevel factors. These effects are moderated by the nature of the relationship between employees and their IW supervisor (leader-member exchange) and coworkers (team-member exchange). A post hoc analysis shows that the mesolevel factors alone had the same explanatory power as the micro-and macrolevels combined. Our research suggests that future theory and research should include the IW and that organizations should share security responsibilities with line managers and help them understand their substantial impact on information security. Security training programs should ask employees about the behaviors of their IW supervisor and coworkers and, where needed, deliver anti-neutralization training to mitigate the effects of the IW's noncompliance behaviors.


Business and Information Technology

Keywords and Phrases

Coworker; Immediate Workgroup; Information Security Policies (ISPs); Leader-Member Exchange; Multilevel; Social Learning and Social Structure; Supervisor; Team-Member Exchange

International Standard Serial Number (ISSN)

1536-9323; 1558-3457

Document Type

Article - Journal

Document Version

Final Version

File Type





© 2023 Association for Information Systems, All rights reserved.

Publication Date

01 Jan 2023