Factors Influencing Employees on Compliance with Cybersecurity Policies and Their Implications for Protection of Information and Technology Assets in Saudi Arabia

Abstract

In the current digital era, it is difficult to preserve the confidentiality, integrity, and availability of an organization’s information and technology assets against cyber attacks. Organizations cannot rely solely on technical solutions for defense, since many cyber attacks attempt to exploit non-technical vulnerabilities such as how well employees comply with the organization’s cybersecurity policies. This study surveyed 245 randomly selected employees of government organizations in the Kingdom of Saudi Arabia with an electronically distributed questionnaire about factors that influence employees’ compliance with cybersecurity policies. The study found that ethical factors had the most influence on employee compliance with cybersecurity policies, followed in decreasing order of influence by legislative factors, technical factors, and administrative factors.