What influences employees to follow security policies?

By combining the value of congruence model (VC), the theory of planned behaviour model (TPB), and security conscious care behaviour we show that security behaviour can be influenced through effortless and low-cost measures that are a very advantageous solution for companies to protect their assets. With a sample of 193 respondents we demonstrate that companies need only to keep their employees motivated, happy, and satisfied in order to encourage them to adhere to the cyber security policies already in place. We show that information security awareness moderates the relationship between subjective norms and behaviour intention, and that job satisfaction moderates the relationship between behaviour intention and security behaviour. We show practical and theoretical implications based on our conclusions.