Employees' intentions toward complying with information security controls in Saudi Arabia's public organisations

Abstract

Ensuring employees' compliance with information security controls is a major challenge experienced by the management of information security in organisations. While the investment in information security has been increased recently, many organisations around the world have failed to avoid security threats and data breaches because of noncompliant employees. This study proposes a model to explore employees' differences and identifies the factors that can shape their perceptions and intentions toward compliance. The model was examined and validated in a Saudi Arabian government organisation using partial least square structural equation modelling. The results of this study support the validity of the research model and disclose the factors that have a significant influence on employees' intentions toward compliance, particularly in Saudi Arabia's public organisations. To the best of our knowledge, this is the first study to investigate employees' perceptions and intentions toward complying with information security controls in public organisations across all regions of Saudi Arabia. The study contributes to the information security management domain in terms of the model's validity, which can be used to explore the influence of the identified factors on employees' perceptions and intentions toward complying with information security controls in different cultural and environmental contexts.