Mr Popyeni Kautondokwa

The influence of COVID-19 contextual factors on information security policy compliance

This study aims to understand the impact of COVID-19 pandemic-induced contextual factors on information security policy compliance. The most significant change resulting from the COVID-19 pandemic has been a shift to working from home. Hence, this study aims to understand the impact that telecommuting has had on organisations' information security rules and procedures and how these rules and procedures have impacted the compliance behaviour of employees. This study was based on a conceptual model and used the quantitative research methodology. The sample population for this study was employees working in South African organisations that have information security policies. This study had 298 participants and the data was collected during the fourth wave of COVID-19 infections in South Africa using survey questionnaires. Analysis was conducted using Partial Least Squares Structural Equation Modelling. This study found that technostress had a negative impact on the compliance behaviour of employees, while telecommuting had a positive impact on information security policy awareness and information security policy reviews within organisations. This study also found that information security policy awareness and information security policy reviews in organisations had a significant impact on the compliance behaviour of employees in organisations. This study makes several contributions. Practical contributions include understanding the effect of the work-from-home arrangement on information security policy compliance behaviour, on information security policy awareness and on information security policy reviews. Theoretically, the study developed a conceptual model which can be used by researchers to understand compliance behaviour and to build on this research. Findings from this study can be used by organisations with work-from-home arrangements to strengthen security awareness programs and to update existing information security policies. Further studies can be conducted to understand the impact of COVID-19 pandemic-induced contextual factors in other settings and geographical regions.