Understanding employee cybersecurity behavior: The role of information security policies, organizational culture, and theory

https://doi.org/10.55214/2576-8484.v10i3.12340

Authors

  • Said Badreddine CIS Faculty, AAF Campus, Higher Colleges of Technology (HCT), Abu Dhabi, UAE, and School of Computing, Engineering & Digital Technologies, Teesside University, Middlesbrough TS1 3B, UK. https://orcid.org/0000-0001-7157-6507
  • Hamsa Al Ammari Advisor of the Chief Academic Officer, Higher Colleges of Technology (HCT), Central Services, Abu Dhabi, UAE.

This study investigates employee cybersecurity behavior by examining the influence of organizational information security policies (ISPs), behavioral determinants, and dominant theoretical frameworks to address persistent human-related vulnerabilities in organizations. A systematic literature review was conducted across IEEE Xplore, SpringerLink, Emerald Insight, ResearchGate, World Scientific, and ScienceDirect. From 244 non-duplicate records, 64 peer-reviewed studies met the inclusion criteria. To extend the review, secondary analysis of the BCCC–CIC–IDS2017 dataset (n = 579) was performed using structural equation modeling. The findings indicate that cybersecurity behavior is shaped by the interaction of psychological factors (perceived threat, vulnerability, self-efficacy, motivation), social influences (peer behavior, cues to action), and organizational conditions (security culture, policy clarity, training, enforcement). Protection Motivation Theory, Theory of Planned Behavior, Health Belief Model, and General Deterrence Theory are most frequently applied. Empirical analysis confirms that peer behavior and cues to action significantly enhance cybersecurity engagement, while prior experience increases perceived severity and vulnerability and reduces perceived barriers. The study concludes that human-centric and integrative behavioral models are essential for improving cybersecurity compliance. Practical implications suggest that organizations should prioritize awareness programs, managerial support, and culturally aligned ISPs to strengthen cybersecurity resilience beyond technical controls alone.

How to Cite

Badreddine, S., & Ammari, H. A. (2026). Understanding employee cybersecurity behavior: The role of information security policies, organizational culture, and theory. Edelweiss Applied Science and Technology, 10(3), 234–251. https://doi.org/10.55214/2576-8484.v10i3.12340
ACM APA Chicago MLA
Download Citation
Endnote/Zotero/Mendeley (RIS) BibTeX

Downloads

Download data is not yet available.

Dimension Badge

Download

Downloads

Issue

Vol. 10 No. 3 (2026)

Section

Articles

Published

2026-03-06

Keywords

Behavioral cybersecurity, Cybersecurity compliance, Organizational influence, Employee cybersecurity behavior, Information security policies (ISPs), Protection Motivation Theory, Security culture, Procedural knowledge, Motivation and perceived threat, Theoretical frameworks, Theory of Planned Behavior.