IDEAS home Printed from https://ideas.repec.org/a/gam/jscscx/v11y2022i9p386-d900797.html
   My bibliography  Save this article

Cyber–Information Security Compliance and Violation Behaviour in Organisations: A Systematic Review

Author

Listed:
  • Noor Suhani Sulaiman

    (Faculty of Industrial Management, Universiti Malaysia Pahang, Kuantan 26300, Malaysia)

  • Muhammad Ashraf Fauzi

    (Faculty of Industrial Management, Universiti Malaysia Pahang, Kuantan 26300, Malaysia)

  • Walton Wider

    (Faculty of Business and Communications, INTI International University, Nilai 71800, Malaysia)

  • Jegatheesan Rajadurai

    (College of Business Management and Accounting, Universiti Tenaga Nasional Malaysia, Kajang 43000, Malaysia)

  • Suhaidah Hussain

    (Faculty of Industrial Management, Universiti Malaysia Pahang, Kuantan 26300, Malaysia)

  • Siti Aminah Harun

    (Faculty of Industrial Management, Universiti Malaysia Pahang, Kuantan 26300, Malaysia
    Faculty of Education and Social Sciences, Widad University College (WUC), Kuantan 25200, Malaysia)

Abstract

Cyber and information security (CIS) is an issue of national and international interest. Despite sophisticated security systems and extensive physical countermeasures to combat cyber-attacks, organisations are vulnerable due to the involvement of the human factor. Humans are regarded as the weakest link in cybersecurity systems as development in digital technology advances. The area of cybersecurity is an extension of the previously studied fields of information and internet security. The need to understand the underlying human behavioural factors associated with CIS policy warrants further study, mainly from theoretical perspectives. Based on these underlying theoretical perspectives, this study reviews literature focusing on CIS compliance and violations by personnel within organisations. Sixty studies from the years 2008 to 2020 were reviewed. Findings suggest that several prominent theories were used extensively and integrated with another specific theory. Protection Motivation Theory (PMT), the Theory of Planned Behaviour (TPB), and General Deterrence Theory (GDT) were identified as among the most referred-to theories in this area. The use of current theories is discussed based on their emerging importance and their suitability in future CIS studies. This review lays the foundation for future researchers by determining gaps and areas within the CIS context and encompassing employee compliance and violations within an organisation.

Suggested Citation

  • Noor Suhani Sulaiman & Muhammad Ashraf Fauzi & Walton Wider & Jegatheesan Rajadurai & Suhaidah Hussain & Siti Aminah Harun, 2022. "Cyber–Information Security Compliance and Violation Behaviour in Organisations: A Systematic Review," Social Sciences, MDPI, vol. 11(9), pages 1-17, August.
    • Handle: RePEc:gam:jscscx:v:11:y:2022:i:9:p:386-:d:900797
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/2076-0760/11/9/386/pdf
    Download Restriction: no
    File URL: https://www.mdpi.com/2076-0760/11/9/386/
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Benedikt Lebek & Jörg Uffen & Markus Neumann & Bernd Hohler & Michael H. Breitner, 2014. "Information security awareness and behavior: a theory-based literature review," Management Research Review, Emerald Group Publishing Limited, vol. 37(12), pages 1049-1092, November.
    2. Soomro, Zahoor Ahmed & Shah, Mahmood Hussain & Ahmed, Javed, 2016. "Information security management needs more holistic approach: A literature review," International Journal of Information Management, Elsevier, vol. 36(2), pages 215-225.
    3. Nick Hajli & Xiaolin Lin, 2016. "Exploring the Security of Information Sharing on Social Networking Sites: The Role of Perceived Control of Information," Journal of Business Ethics, Springer, vol. 133(1), pages 111-123, January.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Maurizio Cavallari, 2023. "Organizational Determinants and Compliance Behavior to Shape Information Security Plan," Academic Journal of Interdisciplinary Studies, Richtmann Publishing Ltd, vol. 12, November.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Zamrudi Zakky & Wicaksono Teguh, 2018. "Promoting the Use of Social Commerce on SME in the Context of Logistics: UTAUT Model Examination," LOGI – Scientific Journal on Transport and Logistics, Sciendo, vol. 9(2), pages 73-82, November.
    2. Baillette, Paméla & Barlette, Yves & Leclercq-Vandelannoitte, Aurélie, 2018. "Bring your own device in organizations: Extending the reversed IT adoption logic to security paradoxes for CEOs and end users," International Journal of Information Management, Elsevier, vol. 43(C), pages 76-84.
    3. Weidong Li & Yalin Qin & Changjie Chen & Meng Wang, 2025. "An investigation into personal data sensitivity in the Internet of Everything—insights from China," Palgrave Communications, Palgrave Macmillan, vol. 12(1), pages 1-14, December.
    4. Alfiero, Simona & Battisti, Enrico & Ηadjielias, Elias, 2022. "Black box technology, usage-based insurance, and prediction of purchase behavior: Evidence from the auto insurance sector," Technological Forecasting and Social Change, Elsevier, vol. 183(C).
    5. Slapničar, Sergeja & Axelsen, Micheal & Bongiovanni, Ivano & Stockdale, David, 2023. "A pathway model to five lines of accountability in cybersecurity governance," International Journal of Accounting Information Systems, Elsevier, vol. 51(C).
    6. Myriam Dunn Cavelty, 2018. "Cybersecurity Research Meets Science and Technology Studies," Politics and Governance, Cogitatio Press, vol. 6(2), pages 22-30.
    7. Baeckström, Ylva & Marsh, Ian W. & Silvester, Joanne, 2021. "Variations in investment advice provision: A study of financial advisors of millionaire investors," Journal of Economic Behavior & Organization, Elsevier, vol. 188(C), pages 716-735.
    8. Pal, Debajyoti & Zhang, Xiangmin & Siyal, Saeed, 2021. "Prohibitive factors to the acceptance of Internet of Things (IoT) technology in society: A smart-home context using a resistive modelling approach," Technology in Society, Elsevier, vol. 66(C).
    9. Kai Zhang & Xuejiao Chen, 2022. "Research on the Influencing Mechanism via Which Security Perception of Personal Information Affects Tourist Happiness: A Moderated Mediation Model," Sustainability, MDPI, vol. 14(22), pages 1-23, November.
    10. Yao, Qi & Hu, Chao & Zhou, Wenkai, 2024. "The impact of customer privacy concerns on service robot adoption intentions: A credence/experience service typology perspective," Technological Forecasting and Social Change, Elsevier, vol. 198(C).
    11. Shah, Zakir & Chu, Jianxun & Feng, Bo & Qaisar, Sara & Ghani, Usman & Hassan, Zameer, 2019. "If you care, I care: Perceived social support and public engagement via SNSs during crises," Technology in Society, Elsevier, vol. 59(C).
    12. Liu, Yu-li & Yan, Wenjia & Hu, Bo, 2021. "Resistance to facial recognition payment in China: The influence of privacy-related factors," Telecommunications Policy, Elsevier, vol. 45(5).
    13. Martin Eling & Michael McShane & Trung Nguyen, 2021. "Cyber risk management: History and future research directions," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 24(1), pages 93-125, March.
    14. Malik Ishtiaq Ahmed & Raza Muhammad Ali & Hadi Noor Ul & Khan Mahwish J. & Hameed Farhina, 2023. "Social commerce constructs and purchase intention on social commerce sites: investigating the role of affective and cognitive attitudes in managing digital marketing challenges," Management & Marketing, Sciendo, vol. 18(s1), pages 474-495, December.
    15. Xuequn Wang & Mina Tajvidi & Xiaolin Lin & Nick Hajli, 2020. "Towards an Ethical and Trustworthy Social Commerce Community for Brand Value Co-creation: A trust-Commitment Perspective," Journal of Business Ethics, Springer, vol. 167(1), pages 137-152, November.
    16. Bosse, Douglas & Thompson, Steven & Ekman, Peter, 2023. "In consilium apparatus: Artificial intelligence, stakeholder reciprocity, and firm performance," Journal of Business Research, Elsevier, vol. 155(PA).
    17. Weiyin Hong & Frank K. Y. Chan & James Y. L. Thong, 2021. "Drivers and Inhibitors of Internet Privacy Concern: A Multidimensional Development Theory Perspective," Journal of Business Ethics, Springer, vol. 168(3), pages 539-564, January.
    18. Jin, Xianglan & Cui, Huizhu & Liu, Fengwei & Hu, Ziqiang & Cai, Yonghao, 2025. "Does cybersecurity regulation promote digital transformation? Evidence from the Cyber Security Law in China," Finance Research Letters, Elsevier, vol. 76(C).
    19. João J. Ferreira & Cristina Fernandes & Pedro Mota Veiga & Hussain G. Rammal, 2025. "Ethics and the dark side of online communities: mapping the field and a research agenda," Information Systems and e-Business Management, Springer, vol. 23(1), pages 99-123, March.
    20. Iwona Kowalczuk & Dagmara Stangierska & Jerzy Gębski & Agnieszka Tul-Krzyszczuk & Edyta Zmudczyńska, 2021. "Digital Consumers in the Foodservices Market," Sustainability, MDPI, vol. 13(13), pages 1-18, July.

    More about this item

    Keywords

    ;
    ;
    ;
    ;
    ;

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jscscx:v:11:y:2022:i:9:p:386-:d:900797. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.