Analyzing Information Security Among Nonmalicious Employees

Insider threats pose a significant risk to organizational data security, and many organizations implement information security policies (ISPs) to reduce insider threats. This study used the unified theory of acceptance and use of technology 2 (UTAUT2) to examine factors that predict compliance among nonmalicious employees. A partial least squares structural equation modeling approach was used to examine survey data collected from N = 158 nonmalicious employees. The analysis indicated that social influence and facilitating conditions were the only UTAUT2 factors significantly predicting nonmalicious employees' compliance. The study's findings suggest that organizations should focus on building workplace cultures emphasizing ISP compliance's social importance.