Qualities to prioritise when hiring for better compliance include ______.
Positive security attitude and strong ethical orientation.
Rewards have ______ influence on policy compliance.
Weak.
Why can't one technique both improve compliance and reduce violations?
Because they stem from different factors, such as ethics and fairness vs fear of sanctions and ease of use.
Why should cybersecurity policies be tailored to employee context?
Uniform policies ignore cultural, regional and role differences, reducing effectiveness.
What proportion of data breaches stems from employee non-compliance?
More than half (over 50% of breaches).
Managers demonstrating commitment and allocating resources influence compliance through ______.
Leadership modelling and support.
Punishments often backfire because they ______.
Damage morale and foster an 'us vs them' culture.
What drives employees to comply with security policies?
Personal ethics, perceptions of fairness, and self-efficacy.
Name one contextual factor that influences policy compliance.
Regional culture, job type, or generational norms.
What is the average cost of a data breach (IBM, 2019)?
$3.92 million.
Beyond awareness, effective training should build ______.
Skills and confidence.
This design priority often backfires because it ignores context.
Efficiency or one-size-fits-all policies.
What motivates employees to avoid policy violations?
Fear of sanctions, the ease of use of policies, and job efficiency.
How does customization improve policy compliance?
Aligning policies with employees' environment increases buy-in.
Name an intangible benefit employees gain from complying with cybersecurity policies.
A sense of accomplishment and helping protect organisational resources.
Making compliance practical and providing quick support helps employees ______.
Follow through on intentions.
One technique cannot both improve compliance and reduce violations because ______.
They stem from different factors.
Why is it wrong to treat compliance and violation as the same behaviour?
Employees can be non-compliant without violating rules; strategies must separately address promoting compliance and reducing violations.
What evidence from the article supports customizing policies?
Interviews noted that policies are often seen as hindering productivity when not adapted to context.
Describe one real-world complaint about cybersecurity policies from the article.
Employees complained about too many password requirements and burdensome web filters slowing them down.