Managing employee security behaviour in organisations: The role of cultural factors and individual values

Abstract

An increasing number of information security breaches in organisations presents a potentially serious threat to the privacy and confidentiality of personal and commercially sensitive data. Recent research shows that human beings are the weakest link in the security chain and the root cause of a great portion of security breaches. In the late 1990’s, a new phenomenon called “information security culture” has emerged as a measure to promote security-cautious behaviour of employees in organisational settings. The concept of information security culture is relatively new and research on the subject is still evolving. This research-in-progress paper contributes to our understanding of this very important topic by offering a conceptualisation of information security culture. Additionally, this study indentifies factors that instigate adverse employee behaviour in organisations.