1
|
COVID-19 pandemic-induced organisational cultural shifts and employee information security compliance behaviour: a South African case study. INFORMATION AND COMPUTER SECURITY 2023. [DOI: 10.1108/ics-09-2022-0152] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [Abstract] [Track Full Text] [Journal Information] [Subscribe] [Scholar Register] [Indexed: 01/19/2023]
Abstract
Purpose
The purpose of this preliminary empirical research study is to understand how environmental disruption such as brought on by the COVID-19 pandemic induces shifts in organisational culture, information security culture and subsequently employee information security compliance behaviour.
Design/methodology/approach
A single-organisation case study was used to develop understanding from direct experiences of organisational life. Both quantitative and qualitative data were collected using a sequential mixed methods approach, with the qualitative phase following the quantitative to achieve complementarity and completeness in analysis. For the quantitative phase, 48 useful responses were received after a questionnaire was sent to all 150–200 employees. For the qualitative phase, eight semi-structured interviews were conducted. Statistical software was used to analyse the quantitative data and NVivo software was used to analyse the qualitative data.
Findings
The pandemic-induced environmental disruption manifested as a sudden shift to work-from-home for employees, and relatedly an increase in cybercrime. The organisational response to this gave rise to shifts in both organisational and information security culture towards greater control (rule and goal orientations) and greater flexibility (support and innovation orientations), most significantly with information security culture flexibility. The net effect was an increase in employee information security compliance.
Originality/value
The vast literature on organisational culture and information security culture was drawn on to theoretically anchor and develop parsimonious measures of information security culture. Environmental disruptions such as those caused by the pandemic are unpredictable and their effects uncertain, hence, the study provides insight into the consequences of such disruption on information security in organisations.
Collapse
|
2
|
Karim NA, Kaur J, Khalib MN. Benefit vs Cost:Examining Factors of Intention to Comply Information Security Policy. 2021 IEEE INTERNATIONAL CONFERENCE ON COMPUTING (ICOCO) 2021. [DOI: 10.1109/icoco53166.2021.9673542] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Reference Citation Analysis] [Track Full Text] [Subscribe] [Scholar Register] [Indexed: 09/01/2023]
Affiliation(s)
- Norisan Abd Karim
- Faculty of Computer and Mathematical Sciences Universiti Teknologi MARA,Shah Alam,Malaysia
| | - Jasber Kaur
- Faculty of Computer and Mathematical Sciences Universiti Teknologi MARA,Shah Alam,Malaysia
| | - Muhammad Naquib Khalib
- Information Technology and Record Division,Immigration Department Malaysia,Putrajaya,Malaysia
| |
Collapse
|