Paper Type
Completed Research Paper
Abstract
Employees’ information security awareness (ISA) is a key antecedent of information security behavior. However, to date we know very little about the factors that are responsible for some employees having a higher level of ISA than others. Our study addresses this gap. We propose a model that comprises institutional, individual, and environmental factors preceding ISA. The model was empirically tested with survey data gathered from 475 employees of different organizations and industries. The model was found to explain a substantial proportion (.53) of the variance. The results indicate that providing employees with comprehensible and readily accessible information security policies and improving employees’ IT knowledge are the two most influential antecedents of ISA. The findings will help refining researchers’ understanding of ISA and will be useful for diverse stakeholders interested in encouraging employees’ information security policy compliant behavior.
Recommended Citation
Haeussinger, Felix and Kranz, Johann Prof., "Understanding the Antecedents of Information Security Awareness - An Empirical Study" (2013). AMCIS 2013 Proceedings. 3.
https://aisel.aisnet.org/amcis2013/ISSecurity/GeneralPresentations/3
Understanding the Antecedents of Information Security Awareness - An Empirical Study
Employees’ information security awareness (ISA) is a key antecedent of information security behavior. However, to date we know very little about the factors that are responsible for some employees having a higher level of ISA than others. Our study addresses this gap. We propose a model that comprises institutional, individual, and environmental factors preceding ISA. The model was empirically tested with survey data gathered from 475 employees of different organizations and industries. The model was found to explain a substantial proportion (.53) of the variance. The results indicate that providing employees with comprehensible and readily accessible information security policies and improving employees’ IT knowledge are the two most influential antecedents of ISA. The findings will help refining researchers’ understanding of ISA and will be useful for diverse stakeholders interested in encouraging employees’ information security policy compliant behavior.