Information Security Awareness: Its Antecedents and Mediating Effects on Security Compliant Behavior

Information security awareness (ISA) is referred to as a state of consciousness and knowledge about security issues and is frequently found to impact security compliant behavior. However, to date we know little about the factors influencing ISA and its mediating effect on behavior. Our study addresses these gaps. We propose a research model that studies ISA’s institutional, individual, and environmental antecedents and investigates the mediating role of ISA. The model was empirically tested with survey data from 475 employees. The model explains a substantial proportion of the variance of ISA (.50) and intention to comply (.41). The results imply that the provision of security policies and employees’ knowledge on information systems are the most influential antecedents of ISA. The study shows that ISA mediates the relationship between ISA’s antecedents and behavioral intention. The findings will be useful for stakeholders interested in encouraging employees’ information security policy compliant behavior.