Factors influencing employee compliance with information security policies: a systematic literature review of behavioral and technological aspects in cybersecurity

Alberto-Tomas Delso-Vicente (), Luis Diaz-Marcos (), Oscar Aguado-Tevar () and María García Blanes-Sebastián ()
Additional contact information
Alberto-Tomas Delso-Vicente: Rey Juan Carlos University
Luis Diaz-Marcos: Nebrija University
Oscar Aguado-Tevar: Nebrija University
María García Blanes-Sebastián: Rey Juan Carlos University

Future Business Journal, 2025, vol. 11, issue 1, 1-16

Abstract: Abstract This study investigates the factors influencing employee compliance with information security policies, with a specific focus on the interplay between behavioral and technological elements shaping employee behavior. Compliance with these policies is critical in safeguarding organizational assets in an increasingly digital and interconnected world. Addressing the gap in current literature, this research highlights the integration of behavioral theories into cybersecurity, offering a unique perspective that bridges the human and technological dimensions. Unlike prior studies that predominantly emphasize technical solutions, this work underscores the importance of organizational culture, individual attitudes, and leadership in fostering compliance. The study employs a systematic literature review following the PRISMA methodology, analyzing 2001–2023 publications from leading databases such as ACM Digital Library, IEEE Xplore, ScienceDirect, and Web of Science. This rigorous approach ensures the inclusion of high-quality studies, facilitating a comprehensive analysis of the factors influencing compliance. The findings reveal that perceived effectiveness of security measures, top management support, and organizational culture are pivotal in shaping compliance behaviors. Strategies that combine intrinsic motivators, such as personal responsibility, with extrinsic incentives, like rewards and enforcement, are identified as the most effective. These results have significant implications for practice, particularly in designing cybersecurity awareness programs tailored to individual and contextual differences. Such initiatives can be instrumental for organizations and governments in strengthening security postures across diverse sectors. By addressing both technological vulnerabilities and human behavior, this study contributes to the development of more holistic and sustainable cybersecurity strategies.

Keywords: Cybersecurity compliance; Information security policies; Behavioral insights; Human factors; Security awareness; Organizational culture; Technological advancements (search for similar items in EconPapers)
Date: 2025
References: View references in EconPapers View complete reference list from CitEc
Citations:

Downloads: (external link)
http://link.springer.com/10.1186/s43093-025-00452-7 Abstract (text/html)
Access to the full text of the articles in this series is restricted.

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:spr:futbus:v:11:y:2025:i:1:d:10.1186_s43093-025-00452-7

Ordering information: This journal article can be ordered from
https://fbj.springeropen.com/

DOI: 10.1186/s43093-025-00452-7

Access Statistics for this article

Future Business Journal is currently edited by Soad Kamel Rizk and Hayam Wahba

More articles in Future Business Journal from Springer
Bibliographic data for series maintained by Sonal Shukla () and Springer Nature Abstracting and Indexing ().