IDEAS home Printed from https://ideas.repec.org/a/gam/jscscx/v11y2022i9p386-d900797.html
   My bibliography  Save this article

Cyber–Information Security Compliance and Violation Behaviour in Organisations: A Systematic Review

Author

Listed:
  • Noor Suhani Sulaiman

    (Faculty of Industrial Management, Universiti Malaysia Pahang, Kuantan 26300, Malaysia)

  • Muhammad Ashraf Fauzi

    (Faculty of Industrial Management, Universiti Malaysia Pahang, Kuantan 26300, Malaysia)

  • Walton Wider

    (Faculty of Business and Communications, INTI International University, Nilai 71800, Malaysia)

  • Jegatheesan Rajadurai

    (College of Business Management and Accounting, Universiti Tenaga Nasional Malaysia, Kajang 43000, Malaysia)

  • Suhaidah Hussain

    (Faculty of Industrial Management, Universiti Malaysia Pahang, Kuantan 26300, Malaysia)

  • Siti Aminah Harun

    (Faculty of Industrial Management, Universiti Malaysia Pahang, Kuantan 26300, Malaysia
    Faculty of Education and Social Sciences, Widad University College (WUC), Kuantan 25200, Malaysia)

Abstract

Cyber and information security (CIS) is an issue of national and international interest. Despite sophisticated security systems and extensive physical countermeasures to combat cyber-attacks, organisations are vulnerable due to the involvement of the human factor. Humans are regarded as the weakest link in cybersecurity systems as development in digital technology advances. The area of cybersecurity is an extension of the previously studied fields of information and internet security. The need to understand the underlying human behavioural factors associated with CIS policy warrants further study, mainly from theoretical perspectives. Based on these underlying theoretical perspectives, this study reviews literature focusing on CIS compliance and violations by personnel within organisations. Sixty studies from the years 2008 to 2020 were reviewed. Findings suggest that several prominent theories were used extensively and integrated with another specific theory. Protection Motivation Theory (PMT), the Theory of Planned Behaviour (TPB), and General Deterrence Theory (GDT) were identified as among the most referred-to theories in this area. The use of current theories is discussed based on their emerging importance and their suitability in future CIS studies. This review lays the foundation for future researchers by determining gaps and areas within the CIS context and encompassing employee compliance and violations within an organisation.

Suggested Citation

  • Noor Suhani Sulaiman & Muhammad Ashraf Fauzi & Walton Wider & Jegatheesan Rajadurai & Suhaidah Hussain & Siti Aminah Harun, 2022. "Cyber–Information Security Compliance and Violation Behaviour in Organisations: A Systematic Review," Social Sciences, MDPI, vol. 11(9), pages 1-17, August.
    • Handle: RePEc:gam:jscscx:v:11:y:2022:i:9:p:386-:d:900797
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/2076-0760/11/9/386/pdf
    Download Restriction: no
    File URL: https://www.mdpi.com/2076-0760/11/9/386/
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Benedikt Lebek & Jörg Uffen & Markus Neumann & Bernd Hohler & Michael H. Breitner, 2014. "Information security awareness and behavior: a theory-based literature review," Management Research Review, Emerald Group Publishing Limited, vol. 37(12), pages 1049-1092, November.
    2. Soomro, Zahoor Ahmed & Shah, Mahmood Hussain & Ahmed, Javed, 2016. "Information security management needs more holistic approach: A literature review," International Journal of Information Management, Elsevier, vol. 36(2), pages 215-225.
    3. Nick Hajli & Xiaolin Lin, 2016. "Exploring the Security of Information Sharing on Social Networking Sites: The Role of Perceived Control of Information," Journal of Business Ethics, Springer, vol. 133(1), pages 111-123, January.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Maurizio Cavallari, 2023. "Organizational Determinants and Compliance Behavior to Shape Information Security Plan," Academic Journal of Interdisciplinary Studies, Richtmann Publishing Ltd, vol. 12, November.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Yi Yong Lee & Chin Lay Gan & Tze Wei Liew, 2023. "Thwarting Instant Messaging Phishing Attacks: The Role of Self-Efficacy and the Mediating Effect of Attitude towards Online Sharing of Personal Information," IJERPH, MDPI, vol. 20(4), pages 1-23, February.
    2. Zamrudi Zakky & Wicaksono Teguh, 2018. "Promoting the Use of Social Commerce on SME in the Context of Logistics: UTAUT Model Examination," LOGI – Scientific Journal on Transport and Logistics, Sciendo, vol. 9(2), pages 73-82, November.
    3. Erdem Özkan, 2018. "Why Do Consumers Behave Differently in Personal Information Disclosure and Self-Disclosure? The Role of Personality Traits and Privacy Concern," Alphanumeric Journal, Bahadir Fatih Yildirim, vol. 6(2), pages 257-276, December.
    4. Baillette, Paméla & Barlette, Yves & Leclercq-Vandelannoitte, Aurélie, 2018. "Bring your own device in organizations: Extending the reversed IT adoption logic to security paradoxes for CEOs and end users," International Journal of Information Management, Elsevier, vol. 43(C), pages 76-84.
    5. Alfiero, Simona & Battisti, Enrico & Ηadjielias, Elias, 2022. "Black box technology, usage-based insurance, and prediction of purchase behavior: Evidence from the auto insurance sector," Technological Forecasting and Social Change, Elsevier, vol. 183(C).
    6. Myriam Dunn Cavelty, 2018. "Cybersecurity Research Meets Science and Technology Studies," Politics and Governance, Cogitatio Press, vol. 6(2), pages 22-30.
    7. Debabrata Dey & Abhijeet Ghoshal & Atanu Lahiri, 2022. "Circumventing Circumvention: An Economic Analysis of the Role of Education and Enforcement," Management Science, INFORMS, vol. 68(4), pages 2914-2931, April.
    8. Haqaf, Husam & Koyuncu, Murat, 2018. "Understanding key skills for information security managers," International Journal of Information Management, Elsevier, vol. 43(C), pages 165-172.
    9. Baeckström, Ylva & Marsh, Ian W. & Silvester, Joanne, 2021. "Variations in investment advice provision: A study of financial advisors of millionaire investors," Journal of Economic Behavior & Organization, Elsevier, vol. 188(C), pages 716-735.
    10. Musa Ahmed Zayyad, 2023. "An Analysis of the Privacy and Security Issues Affecting the Usage of Social Media," International Journal of Research and Innovation in Social Science, International Journal of Research and Innovation in Social Science (IJRISS), vol. 7(6), pages 19-27, June.
    11. Pal, Debajyoti & Zhang, Xiangmin & Siyal, Saeed, 2021. "Prohibitive factors to the acceptance of Internet of Things (IoT) technology in society: A smart-home context using a resistive modelling approach," Technology in Society, Elsevier, vol. 66(C).
    12. Kai Zhang & Xuejiao Chen, 2022. "Research on the Influencing Mechanism via Which Security Perception of Personal Information Affects Tourist Happiness: A Moderated Mediation Model," Sustainability, MDPI, vol. 14(22), pages 1-23, November.
    13. Yuan Tang & Yu-Tao Yang & Yun-Fei Shao, 2019. "Acceptance of Online Medical Websites: An Empirical Study in China," IJERPH, MDPI, vol. 16(6), pages 1-22, March.
    14. Shah, Zakir & Chu, Jianxun & Feng, Bo & Qaisar, Sara & Ghani, Usman & Hassan, Zameer, 2019. "If you care, I care: Perceived social support and public engagement via SNSs during crises," Technology in Society, Elsevier, vol. 59(C).
    15. Mohammad Al-Khasawneh & Shafig Al-Haddad & Abdel-Aziz Ahmad Sharabati & Hebatallah Hisham Al Khalili & Lana Laith Azar & Farah Waleed Ghabayen & Leen Mazen Jaber & Mariam Husam Ali & Ra’ed Masa’deh, 2023. "How Online Communities Affect Online Community Engagement and Word-of-Mouth Intention," Sustainability, MDPI, vol. 15(15), pages 1-23, August.
    16. Liu, Yu-li & Yan, Wenjia & Hu, Bo, 2021. "Resistance to facial recognition payment in China: The influence of privacy-related factors," Telecommunications Policy, Elsevier, vol. 45(5).
    17. Shahzada Nayyar Jehan & Zaid Ahmad Ansari, 2018. "Internet Banking Adoption in Saudi Arabia: An Empirical Study," International Journal of Marketing Studies, Canadian Center of Science and Education, vol. 10(3), pages 1-57, August.
    18. Basmah Emad ALQadheeb & Othman Ibraheem Alsalloum, 2021. "Self-Disclosure in Social Networking Sites in Saudi Arabia," International Journal of Business and Management, Canadian Center of Science and Education, vol. 13(10), pages 1-96, July.
    19. Martin Eling & Michael McShane & Trung Nguyen, 2021. "Cyber risk management: History and future research directions," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 24(1), pages 93-125, March.
    20. Liang, Hui & Sit, Jason & Chang, Jian & Zhang, Jian Jun, 2016. "Computer animation data management: Review of evolution phases and emerging issues," International Journal of Information Management, Elsevier, vol. 36(6), pages 1089-1100.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jscscx:v:11:y:2022:i:9:p:386-:d:900797. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.