Paper Number



An information security culture is the backbone of organizations’ efforts to counter cyber attacks. The COVID-19 pandemic has fundamentally disrupted the way organizations and individuals work, with regard to remote working practices, new communication channels and top management’s strategic decisions. Furthermore, new attack patterns exploit the vulnerabilities that come along with these changes. Based on interviews with 17 information security leaders, we formulate 10 propositions on novel facilitators and inhibitors for information security culture in times of disruptive change. Through the lens of punctuated equilibrium theory, we study which factors tip the scales for information security culture to radically transform in these unprecedented times. Our work contributes to both the research on organizational information security culture and the emerging body of literature on the impacts of the COVID-19 pandemic. In addition, we provide practitioners with valuable insights into crucial prerequisites for a strong information security culture.



When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.