Determining Bring Your Own Device (Byod) Security Policy Compliance Among Malaysian Teleworkers: Perceived Cybersecurity Governance as Moderator

Abstract

Literature evidently shows that many organizations have enabled Bring Your Own Device (BYOD) for their employees as an immediate strategy to cushion the risks of disruption to their business operations. Though these types of environments were typically not designed to support an organization’s entire workforce, it certainly made the transition easier as BYOD policy offers organizational flexibility, efficiency, and collaboration in remote work-from-home cases. Although BYOD brings many benefits to organizations and employees, cybersecurity on one endpoint is a critical concern for organizations. Cyber intruders will capitalize on any cybersecurity vulnerabilities to steal valuable data. While organizations have established BYOD security policy as a basis, the issue is whether the teleworkers comply with it. Protection Motivation Theory is used to explain the action taken by teleworkers to protect themselves when under attack and how accounting teleworker’s behavior to avoid cyber threat. Intention compliance has been studied by many researchers and recently, there was a call from a researcher to study the actual compliance in ISSPs due to a gap between intention and actual compliance. Hence, ensuring BYOD security policy compliance is crucial among the teleworkers. This paper, supported by Protection Motivation Theory (PMT) in addressing gaps in the literature, presents a conceptual model that examines determinants of BYOD security policy compliance among Malaysian teleworkers. The role of the perceived cybersecurity governance is also incorporated to investigate its interplay with the determinants.