Understanding students’ compliance behaviour with the information security measures within a South African university.

Abstract

Today’s organisations are continuously and increasingly being exposed to security breaches. Higher education institutions have also been affected by the increasing occurrences of security breaches. Higher education institutions’ exposure to security breaches have been attributed to factors such as human error and lack of information security compliance among students. Studies have shown that students do not comply with information security policies. Hence, students, like most humans, remain the weakest link in the exposure of information and information systems to cyberattacks. In this study, the protection motivation theory was used as the guiding theoretical framework to understand students’ compliance behaviour with information security measures. This study employed an exploratory research design supported by a quantitative research approach to investigate the factors influencing students’ compliance with information security measures. The data was collected using a questionnaire and was analysed using the statistical package for social science (SPSS). From a stratified sample of 376 participants, the findings indicate that Perceived Severity and Perceived Rewards have the most significant effect on student compliance with information security measures. This study further makes suggestions that may help improve compliance with information security controls within higher education institutions, such as replacing the student card system with biometric fingerprint scanners which are a more convenient method to access the university.