Skip to main content

Advertisement

Springer Nature Link
Log in

Perceptions of organizational responsibility for cybersecurity in Saudi Arabia: a moderated mediation analysis

  • Regular Contribution
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

The study aims to explore the crucial interaction between organizational responsibility and employee behavior in cybersecurity, particularly in the distinct setting of Saudi Arabia. It investigates how organizational responsibility perceptions impact employee attitudes and practices towards cybersecurity. The research utilizes a mixed theoretical framework, incorporating stewardship theory, protection motivation theory, and the theory of planned behavior. It examines the intricate link between organizational leadership, policies, and individual responses to cybersecurity threats through a comprehensive survey conducted among Saudi employees. The study discovers that employees’ perceptions of organizational responsibility greatly influence their cybersecurity behavior. It also finds that employee attitudes towards cybersecurity act as a mediator in this relationship. Contrary to expectations, personal experiences with cybersecurity incidents do not significantly moderate these relationships. This underlines the complex and culture-specific nature of cybersecurity compliance in organizational contexts. This research uniquely contributes to the understanding of cybersecurity behavior within organizations, particularly highlighting the need for policies that align with both organizational objectives and individual behaviors in culturally specific environments like Saudi Arabia. It offers novel insights into the less pronounced impact of personal cybersecurity experiences on organizational-employee dynamics in cybersecurity compliance.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3

Similar content being viewed by others

Explore related subjects

Discover the latest articles and news from researchers in related subjects, suggested using machine learning.

Data availability

The datasets generated by the survey research during and/or analyzed during the current study are available in the Mendeley Data repository, https://doi.org/10.17632/vfw2vhx22f.2.

References

  1. Sarkar, G., Shukla, S.K.: Behavioral analysis of cybercrime: Paving the way for effective policing strategies. J. Econ. Criminol. 2, 100034 (2023). https://doi.org/10.1016/j.jeconc.2023.100034

    Article  Google Scholar 

  2. Dalal, R.S., Howard, D.J., Bennett, R.J., Posey, C., Zaccaro, S.J., Brummel, B.J.: Organizational science and cybersecurity: Abundant opportunities for research at the interface. J. Bus. Psychol. 37(1) (2022). https://doi.org/10.1007/s10869-021-09732-9

  3. Posey, C., Folger, R.: An exploratory examination of organizational insiders’ descriptive and normative perceptions of cyber-relevant rights and responsibilities. Comput. Secur. 99 (2020). https://doi.org/10.1016/j.cose.2020.102038

  4. AlMindeel, R., Martins, J.T.: Information security awareness in a developing country context: Insights from the government sector in Saudi Arabia. Inf. Technol. People. 34(2), 770–788 (Mar. 2021). https://doi.org/10.1108/ITP-06-2019-0269/FULL/XML

  5. Alrubaiq, A., Alharbi, T.: Developing a Cybersecurity Framework for e-Government Project in the Kingdom of Saudi Arabia. J. Cybersecur. Priv. 1, 302–318 (2021). no. 210.3390/jcp1020017

    Article  Google Scholar 

  6. Saeed, S., Digital Workplaces and Information Security Behavior of Business Employees: An empirical study of Saudi Arabia. Sustainability. 15, 6019 (Mar. 2023). https://doi.org/10.3390/SU15076019

  7. Almeida, M.C., Yoshikuni, A.C., Dwivedi, R., Larieira, C.L.C.: Do Leadership styles Influence Employee Information systems Security Intention? A study of the Banking Industry. Glob J. Flex. Syst. Manag. 23(4), 535–550 (2022). https://doi.org/10.1007/s40171-022-00320-1

    Article  Google Scholar 

  8. Onumo, A., Ullah-Awan, I., Cullen, A.: Assessing the moderating effect of Security Technologies on employees Compliance with Cybersecurity Control procedures. ACM Trans. Manag Inf. Syst. 12(2) (2021). https://doi.org/10.1145/3424282

  9. Dodge, C.E., Fisk, N., Burruss, G.W., Moule, R.K. Jr., Jaynes, C.M.: What motivates users to adopt cybersecurity practices? A survey experiment assessing protection motivation theory. Criminol. Public. Policy. (Sep. 2023). https://doi.org/10.1111/1745-9133.12641

  10. Ylönen, M., et al.: Integrated management of safety and security in Seveso sites - sociotechnical perspectives. Saf. Sci. 151 (2022). https://doi.org/10.1016/j.ssci.2022.105741

  11. Alyami, A., Sammon, D., Neville, K., Mahony, C.: The critical success factors for Security Education, Training and Awareness (SETA) program effectiveness: A lifecycle model. Inf. Technol. People. 36(8), 94–125 (2023). https://doi.org/10.1108/ITP-07-2022-0515

    Article  Google Scholar 

  12. Shin, B., Lowry, P.B.: A review and theoretical explanation of the ‘Cyberthreat-Intelligence (CTI) capability’ that needs to be fostered in information security practitioners and how this can be accomplished. Comput. Secur. 92 (2020). https://doi.org/10.1016/j.cose.2020.101761

  13. Subach, I., Mogylevych, D., Mykytiuk, A., Kubrak, V., Korotayev, S.: Design Methodology of Cybersecurity Situational Center, in CEUR Workshop Proceedings, vol. 3187, pp. 79–88. [Online]. Available: (2021). https://www.scopus.com/inward/record.uri?eid=2-s2.0-85137143260&partnerID=40&md5=29e5ba74cf30484f4df17ddfedbcb4b2

  14. Wang, S., Wang, H.: Knowledge Management for Cybersecurity in Business organizations: A Case Study. J. Comput. Inf. Syst. 61(2), 174–181 (2021). https://doi.org/10.1080/08874417.2019.1571458

    Article  Google Scholar 

  15. Davis, J.H., Schoorman, F.D., Donaldson, L.: Toward a stewardship theory of management, in Business Ethics and Strategy, Volumes I and II, University of Notre Dame, India: Taylor and Francis, pp. 473–500. (2018). https://doi.org/10.4324/9781315261102-29

  16. Maddux, J.E., Rogers, R.W.: Protection motivation and self-efficacy: A revised theory of fear appeals and attitude change. J. Exp. Soc. Psychol. 19(5), 469–479 (1983). https://doi.org/10.1016/0022-1031(83)90023-9

    Article  Google Scholar 

  17. Ajzen, I.: The theory of planned behavior. Organ. Behav. Hum. Decis. Process. 50(2), 179–211 (Dec. 1991). https://doi.org/10.1016/0749-5978(91)90020-T

  18. Sama, L.M., Stefanidis, A., Casselman, R.M.: Rethinking corporate governance in the digital economy: The role of stewardship. Bus. Horiz. 65(5), 535–546 (2022). https://doi.org/10.1016/j.bushor.2021.08.001

    Article  Google Scholar 

  19. Kaur, M., Malik, K., Sharma, S.: A note on boardroom challenge, Board effectiveness and corporate stewardship during COVID-19. Vision. 25(2), 131–135 (2021). https://doi.org/10.1177/0972262920987326

    Article  Google Scholar 

  20. Ali, R.F., Dominic, P.D.D., Ali, S.E., Rehman, M., Sohail, A.: Information Security Behavior and Information Security Policy Compliance: A systematic literature review for identifying the Transformation process from Noncompliance to Compliance. Appl. Sci. 11(8) (2021). https://doi.org/10.3390/app11083383

  21. Steinfeld, J.M.: Stewardship theory over Agency Theory. In: Steinfeld, J.M. (ed.) in Public-Private Stewardship: Achieving Value-for-Money in Public-Private Partnerships, pp. 123–134. Springer International Publishing, Cham (2023). https://doi.org/10.1007/978-3-031-17131-4_8

    Chapter  Google Scholar 

  22. Almansoori, A., Al-Emran, M., Shaalan, K.: Exploring the frontiers of Cybersecurity Behavior: A systematic review of studies and theories. Appl. Sci. 13(9) (2023). https://doi.org/10.3390/app13095700

  23. Shahbaznezhad, H., Kolini, F., Rashidirad, M.: Employees’ Behavior in Phishing Attacks: What Individual, Organizational, and Technological Factors Matter? J. Comput. Inf. Syst, vol. 61, no. 6, pp. 539–550, Nov. (2021). https://doi.org/10.1080/08874417.2020.1812134

  24. Gregory, R.W., Henfridsson, O., Kaganer, E., Kyriakou, S.H.: The role of artificial intelligence and data network effects for creating user value. Acad. Manag Rev. 46(3), 534–551 (2021). https://doi.org/10.5465/amr.2019.0178

    Article  Google Scholar 

  25. Banks, G.C., Woznyj, H.M., Mansfield, C.A.: Where is ‘behavior’ in organizational behavior? A call for a revolution in leadership research and beyond. Leadersh. Q. 101581 (2021). https://doi.org/10.1016/j.leaqua.2021.101581

  26. Bertassini, A.C., Ometto, A.R., Severengiz, S., Gerolamo, M.C.: Circular economy and sustainability: The role of organizational behaviour in the transition journey. Bus. Strateg Environ. 30(7), 3160–3193 (2021). https://doi.org/10.1002/bse.2796

    Article  Google Scholar 

  27. Reeves, A., Delfabbro, P., Calic, D.: Encouraging Employee Engagement with Cybersecurity: How to tackle Cyber fatigue. SAGE Open. 11(1) (2021). https://doi.org/10.1177/21582440211000049

  28. Farshadkhah, S., Van Slyke, C., Fuller, B.: Onlooker effect and affective responses in information security violation mitigation. Comput. Secur. 100 (2021). https://doi.org/10.1016/j.cose.2020.102082

  29. Donalds, C., Osei-Bryson, K.-M.: Cybersecurity compliance behavior: Exploring the influences of individual decision style and other antecedents. Int. J. Inf. Manage. 51 (2020). https://doi.org/10.1016/j.ijinfomgt.2019.102056

  30. Maalem Lahcen, R.A., Caulkins, B., Mohapatra, R., Kumar, M.: Review and insight on the behavioral aspects of cybersecurity. Cybersecurity. 3(1) (2020). https://doi.org/10.1186/s42400-020-00050-w

  31. Triplett, W.J.: Addressing human factors in Cybersecurity Leadership. J. Cybersecur. Priv. 2, 573–586 (2022). no. 310.3390/jcp2030029

    Article  Google Scholar 

  32. Freeman, S., Vissak, T., Nummela, N., Trudgen, R.: Do technology-focused fast internationalizers’ performance measures change as they mature? Int. Bus. Rev. 32(5), 102168 (2023). https://doi.org/10.1016/j.ibusrev.2023.102168

    Article  Google Scholar 

  33. Alhalafi, N., Veeraraghavan, P.: Exploring the challenges and issues in adopting Cybersecurity in Saudi Smart cities: Conceptualization of the Cybersecurity-based UTAUT Model. Smart Cities. 6, 1523–1544 (2023). no. 310.3390/smartcities6030072

    Article  Google Scholar 

  34. Wong, L.-W., Lee, V.-H., Tan, G.W.-H., Ooi, K.-B., Sohal, A.: The role of cybersecurity and policy awareness in shifting employee compliance attitudes: Building supply chain capabilities. Int. J. Inf. Manage. 66, 102520 (2022). https://doi.org/10.1016/j.ijinfomgt.2022.102520

    Article  Google Scholar 

  35. Castelo-Branco, I., Oliveira, T., Simões-Coelho, P., Portugal, J., Filipe, I.: Measuring the fourth industrial revolution through the industry 4.0 lens: The relevance of resources, capabilities and the value chain. Comput. Ind. 138 (2022). https://doi.org/10.1016/j.compind.2022.103639

  36. Ramírez, M., Rodríguez Ariza, L., Gómez, M.E., Miranda, Vartika: The disclosures of information on cybersecurity in listed companies in Latin America—proposal for a Cybersecurity Disclosure Index. Sustainability. 14(3) (2022). https://doi.org/10.3390/su14031390

  37. Li, L., He, W., Xu, L., Ash, I., Anwar, M., Yuan, X.: Investigating the impact of cybersecurity policy awareness on employees’ cybersecurity behavior. Int. J. Inf. Manage. 45, 13–24 (2019). https://doi.org/10.1016/j.ijinfomgt.2018.10.017

    Article  Google Scholar 

  38. Maurer, F., Fritzsche, A.: Layered structures of robustness and resilience: Evidence from cybersecurity projects for critical infrastructures in Central Europe. Strateg Chang. 32(6), 195–208 (2023). https://doi.org/10.1002/jsc.2559

    Article  Google Scholar 

  39. Garrido, C.B.E., Compte, S.S., Roldan, L.R., Malacara, A.A.: Survey and testing of the IoT Cybersecurity Framework using intrusion detection systems. Int. J. Comput. Networks Appl. 9(5), 601–623 (2022). https://doi.org/10.22247/ijcna/2022/215920

    Article  Google Scholar 

  40. Banciu, D., Rădoi, M., Belloiu, S.: Information security awareness in Romanian public administration: An exploratory case study. Stud. Inf. Control. 29(1), 121–129 (2020). https://doi.org/10.24846/v29i1y202012

    Article  Google Scholar 

  41. Perera, S., Jin, X., Maurushat, A., Opoku, D.-G.J.: Factors affecting reputational damage to Organisations due to Cyberattacks. Informatics. 9(1) (2022). https://doi.org/10.3390/informatics9010028

  42. Liebetrau, T.: Organizing cyber capability across military and intelligence entities: Collaboration, separation, or centralization. Policy Des. Pract. 6(2), 131–145 (2023). https://doi.org/10.1080/25741292.2022.2127551

    Article  Google Scholar 

  43. Anu, V.: Information security governance metrics: A survey and taxonomy. Inf. Secur. J. 31(4), 466–478 (2022). https://doi.org/10.1080/19393555.2021.1922786

    Article  Google Scholar 

  44. Khan, S., Madnick, S.: Protecting Chiller systems from Cyberattack using a systems thinking Approach. Network. 2(4), 606–627 (2022). https://doi.org/10.3390/network2040035

    Article  Google Scholar 

  45. Li, L., Xu, L., He, W.: The effects of antecedents and mediating factors on cybersecurity protection behavior. Comput. Hum. Behav. Rep. 5 (2022). https://doi.org/10.1016/j.chbr.2021.100165

  46. Kalhoro, S., Rehman, M., Ponnusamy, V., Shaikh, F.B.: Extracting key factors of cyber hygiene behaviour among software engineers: A systematic literature review. IEEE Access. 9, 99339–99363 (2021). https://doi.org/10.1109/ACCESS.2021.3097144

    Article  Google Scholar 

  47. Klein, G., Zwilling, M.: The Weakest Link: Employee Cyber-defense behaviors while Working from Home. J. Comput. Inf. Syst. (2023). https://doi.org/10.1080/08874417.2023.2221200

    Article  Google Scholar 

  48. Sari, P.K., Handayani, P.W., Hidayanto, A.N., Yazid, S., Aji, R.F.: Information Security Behavior in Health Information Systems: A review of Research Trends and Antecedent factors. Healthcare. 10(12) (2022). https://doi.org/10.3390/healthcare10122531

  49. Mwim, E.N., Mtsweni, J., Chimbo, B.: Factors Associated with Cybersecurity Culture: A quantitative study of Public E-health hospitals in South Africa. IFIP Adv. Inform. Communication Technol. 674, 129–142 (2023). https://doi.org/10.1007/978-3-031-38530-8_11

    Article  Google Scholar 

  50. Wilson, M., McDonald, S., Button, D., McGarry, K.: It won’t happen to me: Surveying SME attitudes to cyber-security. J. Comput. Inf. Syst. 63(2), 397–409 (2023). https://doi.org/10.1080/08874417.2022.2067791

    Article  Google Scholar 

  51. Chaudhary, S., Gkioulos, V., Katsikas, S.: A quest for research and knowledge gaps in cybersecurity awareness for small and medium-sized enterprises. Comput. Sci. Rev. 50, 100592 (2023). https://doi.org/10.1016/j.cosrev.2023.100592

    Article  Google Scholar 

  52. Hadlington, L.: The ‘Human factor’ in Cybersecurity: Exploring the Accidental Insider. in In: Research Anthology on Artificial Intelligence Applications in Security, pp. 1960–1977. IGI Global, Hershey, PA (2021). https://doi.org/10.4018/978-1-7998-7705-9.ch087

    Chapter  Google Scholar 

  53. Sharma, S., Aparicio, E.: Organizational and team culture as antecedents of protection motivation among IT employees. Comput. Secur. 120 (2022). https://doi.org/10.1016/j.cose.2022.102774

  54. Huang, K., Pearlson, K.: For what technology can’t fix: Building a model of organizational cybersecurity culture, in Proceedings of the Annual Hawaii International Conference on System Sciences, vol. 2019-Janua, pp. 6398–6407. [Online]. Available: (2019). https://www.scopus.com/inward/record.uri?eid=2-s2.0-85108267591&partnerID=40&md5=8a90698b30858c446ed0f59f017ec31c

  55. Burrell, D.N., et al.: The managerial ethical and operational challenges of hospital cybersecurity. In: Burrell, D.N. (ed.) in Transformational Interventions for Business, Technology, and Healthcare, pp. 444–458. IGI Global, Hershey (2023). https://doi.org/10.4018/979-8-3693-1634-4.ch026

    Chapter  Google Scholar 

  56. Al-ma’aitah, M.A.: Investigating the drivers of cybersecurity enhancement in public organizations: The case of Jordan. Electron. J. Inf. Syst. Dev. Ctries. 88(5) (2022). https://doi.org/10.1002/isd2.12223

  57. Alharbi, F., et al.: The impact of Cybersecurity practices on Cyberattack damage: The perspective of Small enterprises in Saudi Arabia. Sensors. 21(20), 6901 (Oct. 2021). https://doi.org/10.3390/S21206901

  58. Malatji, M., Von Solms, S., Marnewick, A.: Socio-technical systems cybersecurity framework. Inf. Comput. Secur. 27(2), 233–272 (2019). https://doi.org/10.1108/ICS-03-2018-0031

    Article  Google Scholar 

  59. Preis, B., Susskind, L.: Municipal cybersecurity: More work needs to be done. Urban Aff Rev. 58(2), 614–629 (2022). https://doi.org/10.1177/1078087420973760

    Article  Google Scholar 

  60. Alhuwail, D., Al-Jafar, E., Abdulsalam, Y., Alduaij, S.: Information Security Awareness and Behaviors of Health Care Professionals at Public Health Care Facilities. Appl. Clin. Inf. 12(4), 924–932 (2021). https://doi.org/10.1055/s-0041-1735527

    Article  Google Scholar 

  61. Ulrich, P.S., Timmermann, A., Frank, V.: Organizational aspects of cybersecurity in German family firms – Do opportunities or risks predominate? Organ. Cybersecurity J. Pract. Process People, vol. 2, no. 1, pp. 21–40, Jan. (2022). https://doi.org/10.1108/OCJ-03-2021-0010

  62. Garba, J., Kaur, J., Ibrahim, E.N.M., DESIGN OF A CONCEPTUAL FRAMEWORK, FOR CYBERSECURITY CULTURE AMONGST ONLINE BANKING USERS IN NIGERIA: Niger J. Technol. 42(3), 399–405 (2023). https://doi.org/10.4314/njt.v42i3.13

    Article  Google Scholar 

  63. Anawar, S., Kunasegaran, D.L., Mas’Ud, M.Z., Zakaria, N.A.: Analysis of phishing susceptibility in a workplace: A big-five personality perspectives, J. Eng. Sci. Technol, vol. 14, no. 5, pp. 2865–2882, [Online]. Available: (2019). https://www.scopus.com/inward/record.uri?eid=2-s2.0-85073019806&partnerID=40&md5=e77a1b87b3ecf94aa2e3db3e72f7772d

  64. Karjalainen, M., Siponen, M., Sarker, S.: Toward a stage theory of the development of employees’ information security behavior. Comput. Secur. 93, 101782 (2020). https://doi.org/10.1016/j.cose.2020.101782

    Article  Google Scholar 

  65. Febriyani, W., Fathia, D., Widjajarto, A., Lubis, M.: Security awareness strategy for Phishing email scams: A Case Study one of a company in Singapore. Int. J. Inf. Vis. 7(3), 808–814 (2023). https://doi.org/10.30630/joiv.7.3.2081

    Article  Google Scholar 

  66. Kostyuk, N., Wayne, C.: The microfoundations of State Cybersecurity: Cyber risk perceptions and the Mass Public. J. Glob Secur. Stud. 6(2) (2021). https://doi.org/10.1093/jogss/ogz077

  67. Schuetz, S.W., Benjamin Lowry, P., Pienta, D.A., Thatcher, J.B.: The effectiveness of Abstract Versus concrete fear appeals in Information Security. J. Manag Inf. Syst. 37(3), 723–757 (2020). https://doi.org/10.1080/07421222.2020.1790187

    Article  Google Scholar 

  68. Zwilling, M., Klien, G., Lesjak, D., Wiechetek, Ł., Cetin, F., Basim, H.N.: Cyber Security awareness, knowledge and behavior: A comparative study. J. Comput. Inf. Syst. 62(1), 82–97 (2022). https://doi.org/10.1080/08874417.2020.1712269

    Article  Google Scholar 

  69. Chatterjee, S., Gao, X., Sarkar, S., Uzmanoglu, C.: Reacting to the scope of a data breach: The differential role of fear and anger. J. Bus. Res. 101, 183–193 (2019). https://doi.org/10.1016/j.jbusres.2019.04.024

    Article  Google Scholar 

  70. Mayer, P., Zou, Y., Schaub, F., Aviv, A.J.: ‘Now I’m a bit angry:’ Individuals’ awareness, perception, and responses to data breaches that affected them, in Proceedings of the 30th USENIX Security Symposium, pp. 393–410. [Online]. Available: (2021). https://www.scopus.com/inward/record.uri?eid=2-s2.0-85114520438&partnerID=40&md5=b988ba536c438e2a00629306db4c2d0b

  71. Burton, J.: Cyber-attacks and Freedom of expression: Coercion, Intimidation and virtual Occupation. Balt J. Eur. Stud. 9(3), 116–133 (2019). https://doi.org/10.1515/bjes-2019-0025

    Article  Google Scholar 

  72. Labrecque, L.I., Markos, E., Swani, K., Peña, P.: When data security goes wrong: Examining the impact of stress, social contract violation, and data type on consumer coping responses following a data breach. J. Bus. Res. 135, 559–571 (2021). https://doi.org/10.1016/j.jbusres.2021.06.054

    Article  Google Scholar 

  73. Albahar, M.: Cyber attacks and Terrorism: A twenty-First Century Conundrum. Sci. Eng. Ethics. 25(4), 993–1006 (2019). https://doi.org/10.1007/s11948-016-9864-0

    Article  Google Scholar 

  74. Shandler, R., Gomez, M.A.: The hidden threat of cyber-attacks–undermining public confidence in government. J. Inf. Technol. Polit. 20(4), 359–374 (2023). https://doi.org/10.1080/19331681.2022.2112796

    Article  Google Scholar 

  75. Fauzi, M.A., Yeng, P., Yang, B., Rachmayani, D.: Examining the link between Stress Level and Cybersecurity Practices of Hospital Staff in Indonesia, (2021). https://doi.org/10.1145/3465481.3470094

  76. Singh, T., Johnston, A.C., D’Arcy, J., Harms, P.D.: Stress in the cybersecurity profession: a systematic review of related literature and opportunities for future research, Organ. Cybersecurity J. Pract. Process People, vol. ahead-of-p, no. ahead-of-print, Jan. (2023). https://doi.org/10.1108/OCJ-06-2022-0012

  77. Ruoslahti, H., Davis, B.: Societal impacts of Cyber Security assets of Project ECHO. WSEAS Trans. Environ. Dev. 17, 1274–1283 (2021). https://doi.org/10.37394/232015.2021.17.116

    Article  Google Scholar 

  78. Ho, S.M., Gross, M.: Consciousness of cyber defense: A collective activity system for developing organizational cyber awareness. Comput. Secur. 108, 102357 (2021). https://doi.org/10.1016/j.cose.2021.102357

    Article  Google Scholar 

  79. Alkhazi, B., Alshaikh, M., Alkhezi, S., Labbaci, H.: Assessment of the Impact of Information Security Awareness Training Methods on knowledge, attitude, and Behavior. IEEE Access. 10, 132132–132143 (2022). https://doi.org/10.1109/ACCESS.2022.3230286

    Article  Google Scholar 

  80. Shaabany, G., Anderl, R.: Designing an effective course to improve Cybersecurity Awareness for Engineering faculties. Adv. Intell. Syst. Comput. 782, 203–211 (2019). https://doi.org/10.1007/978-3-319-94782-2_20

    Article  Google Scholar 

  81. Hatzivasilis, G., et al.: Modern aspects of Cyber-security Training and continuous adaptation of Programmes to trainees. Appl. Sci. 10(16) (2020). https://doi.org/10.3390/app10165702

  82. Barlette, Y., Jaouen, A.: Information security in SMEs: Determinants of CEOs’ protective and supportive behaviors. Syst. d’Information Manag. 24(3), 7–40 (2019). https://doi.org/10.3917/sim.193.0007

    Article  Google Scholar 

  83. Nienaber, A.-M., Spundflasch, S., Soares, A., Woodcock, A.: Distrust as a hazard for future sustainable mobility planning. Rethinking employees’ vulnerability when introducing New Information and Communication Technologies in local authorities. Int. J. Hum. Comput. Interact. 37(4), 390–401 (2021). https://doi.org/10.1080/10447318.2020.1860547

    Article  Google Scholar 

  84. Dillman, D.A.: Mail and Internet Surveys: The Tailored Design Method. John Wiley & Sons, Ltd, New York, NY (2007)

    Google Scholar 

  85. Serdar, C.C., Cihan, M., Yücel, D., Serdar, M.A.: Sample size, power and effect size revisited: Simplified and practical approaches in pre-clinical, clinical and laboratory studies. Biochem. Med. 31(1), 1–27 (Feb. 2021). https://doi.org/10.11613/BM.2021.010502

  86. Forza, C.: Survey research in operations management: A process-based perspective. Int. J. Oper. Prod. Manag. 22(2), 152–194 (2002). https://doi.org/10.1108/01443570210414310/FULL/XML

    Article  Google Scholar 

  87. Goodyear, M.D.E., Krleza-Jeric, K., Lemmens, T.: The declaration of Helsinki, Br. Med. J, vol. 335, no. 7621, pp. 624–625, (2007). https://doi.org/10.1136/bmj.39339.610000.BE

  88. Preacher, K.J., Hayes, A.F.: SPSS and SAS procedures for estimating indirect effects in simple mediation models. Behav. Res. Methods Instruments Comput. 36(4), 717–731 (2004). https://doi.org/10.3758/BF03206553

    Article  Google Scholar 

  89. Watkins, M.W.: A step-by-step guide to exploratory factor analysis with SPSS. Department of Educational Psychology, Baylor University, United States: Taylor and Francis, (2021). https://doi.org/10.4324/9781003149347

  90. Marsh, H.W., Guo, J., Dicke, T., Parker, P.D., Craven, R.G.: Confirmatory Factor Analysis (CFA), exploratory structural equation modeling (ESEM), and Set-ESEM: Optimal balance between goodness of fit and parsimony. Multivar. Behav. Res. 55(1), 102–119 (2020). https://doi.org/10.1080/00273171.2019.1602503

    Article  Google Scholar 

  91. Perry, J.L., Nicholls, A.R., Clough, P.J., Crust, L.: Assessing model fit: Caveats and recommendations for confirmatory factor analysis and exploratory structural equation modeling. Meas. Phys. Educ. Exerc. Sci. 19(1), 12–21 (2015). https://doi.org/10.1080/1091367X.2014.952370

    Article  Google Scholar 

  92. Song, L., Langfelder, P., Horvath, S.: Random generalized linear model: A highly accurate and interpretable ensemble predictor. BMC Bioinform. 14 (2013). https://doi.org/10.1186/1471-2105-14-5

  93. Hayes, A.F.: Introduction to Mediation, Moderation, and Conditional Process Analysis: A regression-based Approach. Guilford, New York, NY (2017)

    Google Scholar 

  94. Davidson, R., MacKinnon, J.G.: Estimation and Inference in Econometrics. Oxford University Press, New York, NY (1993)

    Google Scholar 

  95. Liu, H., Wei, S., Ke, W., Wei, K.K., Hua, Z.: The configuration between supply chain integration and information technology competency: A resource orchestration perspective. J. Oper. Manag. 44, 13–29 (2016). https://doi.org/10.1016/j.jom.2016.03.009

    Article  Google Scholar 

  96. Frank, A.G., Dalenogare, L.S., Ayala, N.F.: Industry 4.0 technologies: Implementation patterns in manufacturing companies. Int. J. Prod. Econ. 210, 15–26 (2019). https://doi.org/10.1016/j.ijpe.2019.01.004

    Article  Google Scholar 

  97. Boateng, G.O., Neilands, T.B., Frongillo, E.A., Melgar-Quiñonez, H.R., Young, S.L.: Best Practices for Developing and Validating Scales for Health, Social, and Behavioral Research: A Primer, Frontiers in Public Health, vol. 6. [Online]. Available: https://www.frontiersin.org/articles/ (2018). https://doi.org/10.3389/fpubh.2018.00149

  98. Taber, K.S.: The Use of Cronbach’s Alpha When Developing and Reporting Research Instruments in Science Education, Res. Sci. Educ, vol. 48, no. 6, pp. 1273–1296, Dec. (2018). https://doi.org/10.1007/S11165-016-9602-2/TABLES/1

  99. Williams, B., Onsman, A., Brown, T.: Exploratory factor analysis: A five-step guide for novices. J. Emerg. Prim. Heal Care. 8(3), 1–13 (2010). https://doi.org/10.33151/ajp.8.3.93

    Article  Google Scholar 

  100. Wood, J.M., Tataryn, D.J., Gorsuch, R.L.: Effects of under- and overextraction on principal axis factor analysis with varimax rotation. Psychol. Methods. 1(4), 354–365 (1996). https://doi.org/10.1037/1082-989X.1.4.354

    Article  Google Scholar 

  101. Li, C.-H.: Confirmatory factor analysis with ordinal data: Comparing robust maximum likelihood and diagonally weighted least squares. Behav. Res. Methods. 48(3), 936–949 (2016). https://doi.org/10.3758/s13428-015-0619-7

    Article  Google Scholar 

  102. Hu, L.-T., Bentler, P.M.: Fit indices in Covariance structure modeling: Sensitivity to Underparameterized Model Misspecification. Psychol. Methods. 3(4), 424–453 (1998). https://doi.org/10.1037/1082-989X.3.4.424

    Article  Google Scholar 

  103. Hoe, S.L.: Issues and procedures in adopting structural equation modelling technique. J. Quant. Methods. 3(1), 76 (2008)

    Google Scholar 

  104. Bentler, P.M.: Comparative fit indexes in structural models. Psychol. Bull. 107(2), 238–246 (1990). https://doi.org/10.1037/0033-2909.107.2.238

    Article  Google Scholar 

  105. Sharma, S., Mukherjee, S., Kumar, A., Dillon, W.R.: A simulation study to investigate the use of cutoff values for assessing model fit in covariance structure models. J. Bus. Res. 58(7), 935–943 (2005). https://doi.org/10.1016/j.jbusres.2003.10.007

    Article  Google Scholar 

  106. Hu, L.T., Bentler, P.M.: Cutoff criteria for fit indexes in covariance structure analysis: Conventional criteria versus new alternatives, https://doi.org10705519909540118, vol. 6, no. 1, pp. 1–55, (2009). https://doi.org/10.1080/10705519909540118

  107. Ogbanufe, O., Kim, D.J., Jones, M.C.: Informing cybersecurity strategic commitment through top management perceptions: The role of institutional pressures. Inf. Manag. 58(7) (2021). https://doi.org/10.1016/j.im.2021.103507

  108. Reeves, A., Calic, D., Delfabbro, P.: Get a red-hot poker and open up my eyes, it’s so boring’1: Employee perceptions of cybersecurity training. Comput. Secur. 106 (2021). https://doi.org/10.1016/j.cose.2021.102281

  109. Mian, T.S., Alatawi, E.M.: Investigating how parental perceptions of Cybersecurity Influence Children’s safety in the Cyber World: A case study of Saudi Arabia. Intell. Inf. Manag. 15(5), 350–372 (2023)

    Google Scholar 

  110. Mohamed, M., Porterfield, T., Chakraborty, J.: Cross-cultural effects on graphical password memorability and design. J. Syst. Inf. Technol. 23(1), 82–108 (2021). https://doi.org/10.1108/JSIT-06-2020-0105

    Article  Google Scholar 

  111. Corradini, I.: Security: Human nature and Behaviour. in In: Studies in Systems, Decision and Control. Themis Research Center, vol. 284, pp. 23–47. Springer, Rome, Italy (2020). https://doi.org/10.1007/978-3-030-43999-6_2

    Chapter  Google Scholar 

  112. Nel, F., Drevin, L.: Key elements of an information security culture in organisations. Inf. Comput. Secur. 27(2), 146–164 (2019). https://doi.org/10.1108/ICS-12-2016-0095

    Article  Google Scholar 

  113. Hong, Y., Kim, M.-J., Roh, T.: Mitigating the impact of work overload on Cybersecurity Behavior: The moderating influence of corporate Ethics—A mediated moderation analysis. Sustainability. 15, 19 (2023). https://doi.org/10.3390/su151914327

    Article  Google Scholar 

  114. Nwankpa, J.K., Datta, P.M.: Remote vigilance: The roles of cyber awareness and cybersecurity policies among remote workers. Comput. Secur. 130, 103266 (2023). https://doi.org/10.1016/j.cose.2023.103266

    Article  Google Scholar 

  115. Shah, M.U., Iqbal, F., Rehman, U., Hung, P.C.K.: A comparative Assessment of human factors in Cybersecurity: Implications for Cyber Governance. IEEE Access. 11, 87970–87984 (2023). https://doi.org/10.1109/ACCESS.2023.3296580

    Article  Google Scholar 

  116. Al-Hasani, Y.S., Zain, J.M., Azrag, M.A.K., Edris, K.H.M.: Relationship Between Consumer’s Social Networking Behavior and Cybercrime Victimization Among the University Students, in International Conference on Information Systems and Intelligent Applications, pp. 683–694. (2023). https://doi.org/10.1007/978-3-031-16865-9_55

  117. Burrell, D.N., Johnson, T., Shufutinsky, A., Ramjit, D.-M.: Organizational Dynamics of the Rise of Telework as an Adaptive Response to a Global Pandemic, L. Forces Acad. Rev, vol. 26, no. 3, pp. 209–222, Sep. (2021). https://doi.org/10.2478/RAFT-2021-0028

Download references

Funding

No funds, grants, or other support was received.

Author information

Authors and Affiliations

  1. University of Business and Technology, H5G2+FX3 Ar Rawadah, Jeddah, 23435, Saudi Arabia

    Ahmed M. Asfahani

Authors
  1. Ahmed M. Asfahani
    View author publications

    You can also search for this author inPubMed Google Scholar

Contributions

This is a single-researcher manuscript.

Corresponding author

Correspondence to Ahmed M. Asfahani.

Ethics declarations

Ethics approval and consent to participate

The study was conducted in accordance with the Declaration of Helsinki and approved by the Ethics Committee of the University of Business and Technology.

Informed consent

Informed consent was obtained from all subjects involved in the study.

Competing interests

The authors declare no competing interests.

Additional information

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Asfahani, A.M. Perceptions of organizational responsibility for cybersecurity in Saudi Arabia: a moderated mediation analysis. Int. J. Inf. Secur. 23, 2515–2530 (2024). https://doi.org/10.1007/s10207-024-00859-3

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-024-00859-3

Keywords

Profiles

  1. Ahmed M. Asfahani View author profile