Assessing the Impact of Employee Cyber Hygiene Practices on the Effectiveness of Organizational Security Policies and Awareness Programs
Keywords:
Cyber hygiene, organizational security, employee behavior, cybersecurity awareness, policy effectiveness, cybersecurity culture
Abstract
In the face of increasing cyber threats, organizations invest heavily in security policies and awareness programs. However, the success of these measures largely depends on employees' adherence to cyber hygiene practices. This paper investigates the relationship between employee cyber hygiene behavior and the effectiveness of organizational security policies and awareness campaigns. Drawing upon literature and current empirical insights, the study identifies key factors influencing security outcomes, including training quality, behavioral compliance, and organizational culture. The paper further offers recommendations for aligning individual behavior with institutional security goals through behavior-driven policy design.
License
Copyright (c) 2023 Rahul Sharma (Author)

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.