Unpacking security policy compliance: the motivators and barriers of employees' security behaviors

John M. Blythe, Lynne Coventry, Linda Little

Research output: Chapter in Book/Report/Conference proceedingConference contribution

48 Citations (Scopus)


The body of research that focuses on employees' Information Security Policy compliance is problematic as it treats compliance as a single behavior. This study explored the underlying behavioral context of information security in the workplace, exploring how individual and organizational factors influence the interplay of the motivations and barriers of security behaviors. Investigating factors that had previously been explored in security research, 20 employees from two organizations were interviewed and the data was analyzed using framework analysis. The analysis indicated that there were seven themes pertinent to information security: Response Evaluation, Threat Evaluation, Knowledge, Experience, Security Responsibility, Personal and Work Boundaries, and Security Behavior. The findings suggest that these differ by security behavior and by the nature of the behavior (e.g. on- and offline). Conclusions are discussed highlighting barriers to security actions and implications for future research and workplace practice.

Original languageEnglish
Title of host publicationSOUPS 2015
Subtitle of host publicationproceedings of the Eleventh Symposium on Usable Privacy and Security
EditorsLorrie Faith Cranor, Robert Biddle, Sunny Consolvo
Place of PublicationBerkeley
PublisherUSENIX Association
Number of pages20
ISBN (Electronic)9781931971249
Publication statusPublished - 22 Jul 2015
Externally publishedYes
Event11th Symposium on Usable Privacy and Security - Ottawa, Canada
Duration: 22 Jul 201525 Jul 2015
Conference number: 11th


Conference11th Symposium on Usable Privacy and Security
Abbreviated titleSOUPS 2015


Dive into the research topics of 'Unpacking security policy compliance: the motivators and barriers of employees' security behaviors'. Together they form a unique fingerprint.

Cite this