Abstract
Cybersecurity culture is increasingly recognized as a critical defense against cyber threats, shaping behaviors, awareness, and practices across organizational levels. Yet research remains fragmented, with numerous models developed in isolation and applied inconsistently. Many rely on static constructs and reductionist views that overlook the cultural logics and practical reasoning underpinning security practices in complex socio -technical systems. To address this gap, this study systematically reviews prom inent cybersecurity culture models and theories, critically examining their operationalization, grounding, and limitations. Drawing on Swidler’s culture -in-action framework, it proposes a heuristic meta -framework that unifies and contextualizes these appro aches. Rather than replacing existing models, the framework situates them as cultural tools and logics, offering a shared vocabulary to trace interactions, identify gaps, and support targeted interventions. By bridging silos and harmonizing mid -range theor ies without diluting their value, the framework provides a dynamic, context -sensitive lens to understand, stabilize, and adapt cybersecurity practices
Recommended Citation
Molati, Katiso; Snyman, Dirk; and Chigona, Wallace, "Beyond Fragmentation: A Culture-in-Action Approach to Unifying Cybersecurity Culture Theories" (2025). MCIS 2025 Proceedings. 30.
https://aisel.aisnet.org/mcis2025/30