This paper focuses on the issue of employees’ non-compliance with Information System (IS) security procedures, a major concern for organizations. Previous studies have not considered the impact of past and automatic behavior on employees’ compliance decisions, despite the assumption that past behavior significantly influences decision-making. To address this gap, this study integrated the concept of habit with Protection Motivation Theory (PMT) to explain compliance. Empirical testing revealed that habitual IS security compliance strongly reinforced the cognitive processes theorized by PMT and influenced employees’ intentions for future compliance. Almost all components of PMT significantly affected employees’ intention to comply with IS security policies. These findings underscore the importance of considering employees’ past and automatic behavior to enhance compliance.
Critical success factors for security education, training and awareness (SETA) programme effectiveness: an empirical comparison of practitioner perspectives
Cyber security has never been more important than it is today in an ever more connected and pervasive digital world....