Perceptions of organizational responsibility for cybersecurity in Saudi Arabia: a moderated mediation analysis

The study aims to explore the crucial interaction between organizational responsibility and employee behavior in cybersecurity, particularly in the distinct setting of Saudi Arabia. It investigates how organizational responsibility perceptions impact employee attitudes and practices towards cybersecurity. The research utilizes a mixed theoretical framework, incorporating stewardship theory, protection motivation theory, and the theory of planned behavior. It examines the intricate link between organizational leadership, policies, and individual responses to cybersecurity threats through a comprehensive survey conducted among Saudi employees. The study discovers that employees’ perceptions of organizational responsibility greatly influence their cybersecurity behavior. It also finds that employee attitudes towards cybersecurity act as a mediator in this relationship. Contrary to expectations, personal experiences with cybersecurity incidents do not significantly moderate these relationships. This underlines the complex and culture-specific nature of cybersecurity compliance in organizational contexts. This research uniquely contributes to the understanding of cybersecurity behavior within organizations, particularly highlighting the need for policies that align with both organizational objectives and individual behaviors in culturally specific environments like Saudi Arabia. It offers novel insights into the less pronounced impact of personal cybersecurity experiences on organizational-employee dynamics in cybersecurity compliance.