Abstract:
Businesses around the world have experienced unprecedented incidents and losses related to information security exploits. The phenomenon is attributable to the increased dependency on business information processing through vast interconnected systems that bring together internal and external information handlers and users. Traditionally technical tools have been implemented to counter information security threats. Increasingly the role of people in helping organisations defend themselves against security incidents is being acknowledged. Research on human behaviour in information security has yielded largely mixed results leading to calls for investigation of the role culture in information security. The study investigated Protection Motivation Theory (PMT) factors that influence organisational insiders' desire to adopt recommended information security measures. It also investigated the effect of individualism-collectivism on security behaviour.
A quantitative analysis of response data from 203 respondents drawn mainly from South Africa was analysed to investigate the relationships. The results indicate that together with the level of individualism-collectivism, variables from PMT are important factors in employees' security implementation decisions. By operationalising individualism-collectivism at an individual level, the study offers better generalisation of findings between studies and contexts. The study offers recommendations on how businesses can build their employees' behaviour to assist in achieving information security objectives and protect the information assets of the organisation
