Mind the Threat! A Qualitative Case Study on Information Security Awareness Programs in European Banks

This case study aims to analyze the dynamics in banks, which implement an information security awareness (ISA) program. In detail, we describe ISA programs in three major banks from three Central Eastern European countries. We examine how the specific context shapes different phases of its implementation. The contextual differentiation helps us to discover how specific characteristics of ISA programs affect employees’ information security awareness, which is reflected by employees’ perception of information security risks and threats. Moreover, the research contributes to state of the art behavioral information security research by discovering conflicts concerning compliant information security behavior from specific organizational perspectives. Stakeholders identify several conflicts, which affect compliant information security behavior. We use an embedded single-case study to investigate three implementation processes and how they are constructed in three banks in Central and Eastern Europe. We triangulate interview data and documents in the respective organizational context.