A study of human factors toward compliance with organization's information security policy

While organizations increasingly rely on information technology for competitive advantage, safeguarding sensitive data hinges on more than just technical safeguards. Alarmingly, employee actions account for a growing percentage of information security breaches, highlighting the critical role of human factors. Building upon the understanding that human resources are key to maintaining organizational security, this study investigates the relationship between five key human factors security culture, awareness, training, risk perception, and reinforcement and employee compliance with information security policies. Through quantitative research, we propose and validate a conceptual framework demonstrating a significant positive association between these human factors and compliant behavior. Our findings emphasize the profound influence of security culture as a primary driver of secure practices within organizations. These insights offer practical guidance for organizations to move beyond a technology centric approach and prioritize a human centric security strategy that integrates these factors into policy design, training programs, and organizational culture.