IT security policies and employee compliance: The effects of organizational environment

A major threat to IT security in today’s business world is the simple problem of careless employees choosing not to comply with security policies and guidelines. Many studies have been done to track the reasoning behind this problem and try to find a solution. To address this issue, our study proposes to look at the effects of company culture and environment, including relationships among co-workers as well as their feelings toward upper management, in order to determine if a correlation exists between this relationship and an employee’s compliance with IT security policies. In order to do so, we designed a survey comprised of various questions dealing with workplace environment and thoughts on IT security policies in order to gain insight on the topic and gather useful data. We administered the survey to an anonymous group of people we assembled, ranging in age and employed by a variety of companies. The survey results were then analyzed and data trends were uncovered in order to see if a correlation does in fact exist. We found that there is a positive correlation between employees’ organizational environment and their compliance with IT security policies. We also discovered that there appears to be a lack of employee education on security policies in the workplace, which needs to be studied further in the future. To the best of our knowledge, our method is unique and stands apart from prior work in that the data gathered was not limited to employees from a specific company or of equal job status. We believe that the wide variety of our chosen participants will provide a more comprehensive look at this issue. Additionally, our study does not focus on any specific behavioral theories or try to implement any new methods in the workplace as was done earlier. We merely look at the employees’ daily, ordinary feelings and actions, giving a special “real” and “true” quality to our results.