Abstract
In the contemporary digital landscape, cyber-attacks and incidents have placed cyber-security at the forefront of priorities in organisations. As organisations face cyber risks, it becomes imperative to implement and comply with various cyber-security policies. However, due to factors such as policy complexity and resistance from employees, compliance can be a challenging task. The study, which took a comprehensive approach, investigated the variables that affect an organisation's adherence to cyber-security policies. The findings of this study provide insights into the challenges and factors influencing compliance with cyber-security policies in organisations. A case study design was chosen as part of a qualitative approach to answer the research question. For data gathering, semi-structured interviews were conducted, and existing documents were also considered, when available, to supplement the interviews. The gathered data was meticulously organised, coded, and analysed using the Actor-Network Theory perspective, with a focus on its four moments of translation: problematisation, interessement, enrolment, and mobilisation. The analysis revealed that insider threats and phishing attempts are the two cyber threats that affect organisations; behavioural challenges and enforcement limitations are factors that influence and contribute to non-compliance with cyber-security policy; phishing exercises and policy development processes are used to enforce cyber-security policies.
Publisher
NASK National Research Institute