Mohammed Kaosar

Humans have been identified as the weakest link in the information security chain and the root cause of numerous security incidents in organisations. This has also been augmented by an increased number of employees working remotely due to the COVID-19 pandemic. In such a case, without the security protection that office systems afford and increased reliance on technology the security of the information assets of the organization now heavily relies on the employee's behaviour. While organisational culture helps to mould, guide and shape attitudes and behaviours of employees, employees' information security behaviour is a major concern. Therefore, the aim of this study was to empirically examine the relationship between organisational culture and employee's information security behaviour. An online survey was conducted over a period of two months. Organisational culture was measured using Organisational Culture Assessment Instrument (OCAI). SPSSv25 was used to do correlations, crosstabulations and regression analysis. Our main finding, was that organisational culture can significantly predict employee's online behaviour. Another observation was a negative relationship between organisational culture and security behaviour, which indicated that moving from a Clan culture towards a Hierarchy culture, the employee's security behaviours move from a naive behaviour through risk inclined to risk-averse behaviour.