Perceptions of information security at the workplace: Linking information security climate to compliant behavior

A large number of information security breaches at the workplace result from employees’ failure to comply with organizational information security guidelines. Recent surveys report that 78% of computer attacks appear in the form of viruses embedded in email attachments. Employees who open e-mail attachments from unknown sources risk infecting their own computers as well as other computers sharing the same network. Therefore more attention needs to be paid to understanding why non-compliant behavior takes place such that appropriate measures for curbing the occurrence of such behavior can be found. With such motivation in mind, this study examines the effects of social contextual factors on employees’ compliance with organizational security policies. The research model is developed based on concepts adapted from safety climate literature that has been used to explain the safe behavior of employees in organizations. Data was collected from a sample of 140 employees from two large IT intensive organizations using a 28-item survey instrument and analyzed using structured equation modeling. Management practices, supervisory practices, and coworker’s socialization were found to be positively related to employees’ perception of information security climate in the organization. Perception of security climate and self-efficacy had positive impacts on compliant behavior. Implications of this study for research and practice are discussed.