Employees’ information security awareness (ISA) in public organisations: insights from cross-cultural studies in Sweden, France, and Tunisia

Abstract

ABSTRACT The dominance of national culture in organisational environments has been widely acknowledged. This study aims to explore the impact of national culture on information security awareness by examining cultural characteristics in the public sector. Drawing on Hofstede's model, a literature review was conducted to analyze existing knowledge and identify cultural traits in selected countries. Empirical data were collected through semi-structured interviews conducted in Sweden, France, and Tunisia. The data were analyzed using the Human Aspects of Information Security (HAIS) model, revealing distinct patterns and emphasising the role of culture in shaping behaviours. The findings underscore the importance of involving Swedish employees in the policy design process to effectively enhance information security awareness. For French employees, it was found that learning from past experiences and respecting hierarchical structures are crucial factors in raising awareness. Conversely, in Tunisia, information security initiatives should take into account the social and relational aspects to promote awareness effectively. These insights provide valuable guidance to managers in multinational organisations, enabling them to comprehend the underlying forces and dynamics in countries with similar characteristics.