Guidelines for improving the contextual relevance of field surveys: the case of information security policy violations

The information systems (IS) field continues to debate the relative importance of rigor and relevance in its research. While the pursuit of rigor in research is important, we argue that further effort is needed to improve practical relevance, not only in terms of topics, but also by ensuring contextual relevance. While content validity is often performed rigorously, validated survey instruments may still lack contextual relevance and be out of touch with practice. We argue that IS behavioral research can improve its practical relevance without loss of rigor by carefully addressing a number of contextual issues in instrumentation design. In this opinion article, we outline five guidelines – relating to both rigor and relevance – designed to increase the contextual relevance of field survey research, using case examples from the area of IS security. They are: (1) inform study respondents that a behavior is an ISP violation, (2) measure specific examples of ISP violations, (3) ensure that ISP violations are important ISP problems in practice, (4) ensure the applicability of IS security violations to the organizational context, and (5) consider the appropriate level of specificity and generalizability for instrumentation. We review previous behavioral research on IS security and show that no existing study meets more than three of these five guidelines. By applying these guidelines where applicable, IS scholars can increase the contextual relevance of their instrumentation, yielding results more likely to address important problems in practice.