Antecedents of Employees' Information Security Awareness - Review, synthesis, and Directions for Future Research

Living in a digital age, where all kinds of information are accessible electronically at all times, organizations worldwide struggle to keep their information assets secure. Interestingly, the majority of organizational information systems security (ISS) incidents are the direct or indirect result of human errors. To explore how organizations can defend themselves against harmful ISS behaviour, employees’ information security awareness (ISA) has become a top-priority in research and practice. ISA is referred to as a state of consciousness and knowledge about security issues and is a strong predictor of security compliant behaviour. However, to date knowledge about the factors that are responsible for some employees having a higher level of ISA than others is limited and widely dispersed among multidisciplinary outlets. Therefore, our study provides an extensive review of the literature on ISA’s antecedents with the aim to synthesize the literature and to reveal areas for further research. We analysed 44 publications to discern various institutional, individual, and socio-environmental ISA antecedents. Identifying and understanding these factors will be useful for stakeholders interested in improving the effectiveness of awareness strategies, in increasing employees’ ISA and in ultimately lowering the substantial ISS threats for organizations and society.