How attitude, shared tacit assumptions, espoused values, subjective norms, behavioural intention and knowledge influence information security culture

Threat vectors to information assets of firms continue to multiply especially with rapid advances in ICT capabilities. Financial services firms are one of the prime targets of information security breaches because of the increased probability of the miscreants realising pecuniary benefits. The cultivation of information security culture is viewed as the most effective safeguard of warding off information security breaches. This study examined the impact that knowledge, attitude, shared tacit assumptions, subjective norms, espoused values and behavioural intention exert on financial services information security culture. The study’s participants were drawn from four financial services firms in Zimbabwe. The questions that constituted the questionnaire that was sent to the respondents were derived from the extent literature on information security culture. The regression analysis performed on the responses to the questionnaire showed that knowledge, attitude, subjective norms, shared tacit assumptions and behavioural intention are all significant predictors of financial services information security culture. However, the study established that espoused values are not a significant predictor of financial services information security culture. The study suggested that financial services should leverage the constructs that the study established to be significant predictors of financial services information security culture especially improving their employees’ information security knowledge and attitudes which in turn influence the other constructs.