Maximizing Employee Compliance with Cybersecurity Policies
W. Alec Cram, Jeffrey Gainer Proudfoot, John D’Arcy
Abstract
IT executives are well aware that formal policies are fundamental to combatting insider cybersecurity threats but struggle to achieve adequate levels of policy compliance from employees. This article identifies which practices for promoting compliance are effective and ineffective and provides actionable recommendations for maximizing employee compliance. Following these recommendations will enable organizations to derive more value from their cybersecurity investments and reduce the financial, reputational and legal risks associated with data breaches and network intrusions.
Topics & Concepts
Compliance (psychology)Insider threatBusinessData breachInsiderComputer securityPublic relationsRisk analysis (engineering)Internet privacyAccountingFinanceComputer scienceLawSocial psychologyPolitical sciencePsychologyInformation and Cyber SecurityNetwork Security and Intrusion DetectionCybercrime and Law Enforcement Studies