To ensure successful compliance with information security (InfoSec) policy and standards, organisations must harmonise their InfoSec training programmes with the national culture of the local workforce. A successful InfoSec policy must demonstrate the value of security, not just the requirement for security. We conducted a quantitative study of 177 professionals across 35 national cultures to investigate whether national culture influences InfoSec training and best practices using Hofstede’s six cultural dimensions. Our findings indicate that training programmes should more directly address the variances in perception of InfoSec across cultures. These training programmes should also reflect the significance of the organisation’s InfoSec policies in the context of the local employee, while maintaining unified corporate governance. By increasing training comprehension, organisations can reduce security incidents resulting from unintentional policy violations and, in turn, avoid costly remediation efforts.
Plachkinova, Miloslava and Andrés, Steven, "Improving Information Security Training: An Intercultural Perspective" (2015). PACIS 2015 Proceedings. 167.