Cyber–Information Security Compliance and Violation Behaviour in Organisations: A Systematic Review
Noor Suhani Sulaiman,
Muhammad Ashraf Fauzi,
Walton Wider,
Jegatheesan Rajadurai,
Suhaidah Hussain and
Siti Aminah Harun
Additional contact information
Noor Suhani Sulaiman: Faculty of Industrial Management, Universiti Malaysia Pahang, Kuantan 26300, Malaysia
Muhammad Ashraf Fauzi: Faculty of Industrial Management, Universiti Malaysia Pahang, Kuantan 26300, Malaysia
Walton Wider: Faculty of Business and Communications, INTI International University, Nilai 71800, Malaysia
Jegatheesan Rajadurai: College of Business Management and Accounting, Universiti Tenaga Nasional Malaysia, Kajang 43000, Malaysia
Suhaidah Hussain: Faculty of Industrial Management, Universiti Malaysia Pahang, Kuantan 26300, Malaysia
Siti Aminah Harun: Faculty of Industrial Management, Universiti Malaysia Pahang, Kuantan 26300, Malaysia
Social Sciences, 2022, vol. 11, issue 9, 1-17
Abstract:
Cyber and information security (CIS) is an issue of national and international interest. Despite sophisticated security systems and extensive physical countermeasures to combat cyber-attacks, organisations are vulnerable due to the involvement of the human factor. Humans are regarded as the weakest link in cybersecurity systems as development in digital technology advances. The area of cybersecurity is an extension of the previously studied fields of information and internet security. The need to understand the underlying human behavioural factors associated with CIS policy warrants further study, mainly from theoretical perspectives. Based on these underlying theoretical perspectives, this study reviews literature focusing on CIS compliance and violations by personnel within organisations. Sixty studies from the years 2008 to 2020 were reviewed. Findings suggest that several prominent theories were used extensively and integrated with another specific theory. Protection Motivation Theory (PMT), the Theory of Planned Behaviour (TPB), and General Deterrence Theory (GDT) were identified as among the most referred-to theories in this area. The use of current theories is discussed based on their emerging importance and their suitability in future CIS studies. This review lays the foundation for future researchers by determining gaps and areas within the CIS context and encompassing employee compliance and violations within an organisation.
Keywords: cybersecurity/information security; compliance; policy; violation; systematic review
JEL-codes: A B N P Y80 Z00
Date: 2022
Downloads: (external link)
https://www.mdpi.com/2076-0760/11/9/386/pdf (application/pdf)
https://www.mdpi.com/2076-0760/11/9/386/ (text/html)
Persistent link: https://EconPapers.repec.org/RePEc:gam:jscscx:v:11:y:2022:i:9:p:386-:d:900797
Social Sciences is currently edited by Ms. Yvonne Chu
Bibliographic data for series maintained by MDPI Indexing Manager.