Review of Behavioural Theories in Security Compliance and Research Challenge
Inconsistent findings on the effect of various determinants of cyber security behaviour emphasise the need for further understanding of the applicability of compliance theories. The paper provides a critical review of determinants of users’ cyber security behaviour and establishes directions for future research.
Cyber security behaviour has been studied using a range of behavioural theories. Factors from these theories help organisations to develop suitable initiatives to encourage positive compliance from the employees.
The paper integrates factors that can impact cyber security behaviour from Theory of Planned Behaviour, Protection Motivation Theory, Rational Choice Theory and General Deterrence Theory into an overarching framework for better connection of the theories. Previous studies’ findings were analysed to establish research challenges in the field.
Future research should investigate the complex interaction between organizational and personal characteristics so that a security program can be developed that can effectively engage employees with security tasks even in demanding work environment.