With an upward trend of data breaches and their financial damages, organizations continue to increase investment in employees’ security awareness. Yet, 86% of breaches involve employees. This research uncovers the impact of data breaches on employees’ perceived legitimacy of information security governance and then their information security policy compliance behaviors. Drawing on the theory of the legitimacy process, we developed a mediation model of employees’ noncompliance behaviors post-breach. We plan to conduct a survey and test whether the perceived severity of data breaches decreases employees’ legitimacy perceptions of information security governance and ultimately leads to information security policy non-compliance post-breach.