EFFECTS OF THE PROTECTION MOTIVATION MODEL ON INFORMATION SECURITY POLICY COMPLIANCE AMONG SAUDI EMPLOYEES

Abstract

Companies in Saudi Arabia are facing increased vulnerability due to employee’s failure to adhere to organization information security policies. This noncompliance often results in large-scale leaks of information or data, leading to negative business consequences, including risks to customer information. A survey was conducted among sampled participants to assess the validity of protection motivation theory in relation to variables such as the perceived severity of threats, perceived response efficacy, and perceived vulnerability to threats. The findings indicated that 92.7% of employees refrained from opening advertising emails, 74.47% abstained from using corporate computers for personal emails, and 82.3% were aware of scam emails. Consequently, intensive training is highly recommended for employees, given that 17% to 24% still fail to adhere to information security policies. Additionally, there is a pressing need to raise awareness among employees through comprehensive training to understand the various attack strategies employed in cyber threats.