Litcius/Paper detail

Factors influencing employee compliance with information security policies: a systematic literature review of behavioral and technological aspects in cybersecurity

Alfonso de Vicente, Luis Díaz-Marcos, Oscar AGUADO-TEVAR, María García de Blanes Sebastián

2025Future Business Journal22 citationsDOIOpen Access PDF

Abstract

Abstract This study investigates the factors influencing employee compliance with information security policies, with a specific focus on the interplay between behavioral and technological elements shaping employee behavior. Compliance with these policies is critical in safeguarding organizational assets in an increasingly digital and interconnected world. Addressing the gap in current literature, this research highlights the integration of behavioral theories into cybersecurity, offering a unique perspective that bridges the human and technological dimensions. Unlike prior studies that predominantly emphasize technical solutions, this work underscores the importance of organizational culture, individual attitudes, and leadership in fostering compliance. The study employs a systematic literature review following the PRISMA methodology, analyzing 2001–2023 publications from leading databases such as ACM Digital Library, IEEE Xplore, ScienceDirect, and Web of Science. This rigorous approach ensures the inclusion of high-quality studies, facilitating a comprehensive analysis of the factors influencing compliance. The findings reveal that perceived effectiveness of security measures, top management support, and organizational culture are pivotal in shaping compliance behaviors. Strategies that combine intrinsic motivators, such as personal responsibility, with extrinsic incentives, like rewards and enforcement, are identified as the most effective. These results have significant implications for practice, particularly in designing cybersecurity awareness programs tailored to individual and contextual differences. Such initiatives can be instrumental for organizations and governments in strengthening security postures across diverse sectors. By addressing both technological vulnerabilities and human behavior, this study contributes to the development of more holistic and sustainable cybersecurity strategies.

Topics & Concepts

Compliance (psychology)Computer securityInformation securityBusinessInternet privacySystematic reviewRisk analysis (engineering)Public relationsPsychologyComputer sciencePolitical scienceMEDLINESocial psychologyLawInformation and Cyber SecurityNetwork Security and Intrusion DetectionCybercrime and Law Enforcement Studies