{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,23]],"date-time":"2026-03-23T15:26:20Z","timestamp":1774279580907,"version":"3.50.1"},"reference-count":59,"publisher":"Emerald","issue":"5","license":[{"start":{"date-parts":[[2021,8,4]],"date-time":"2021-08-04T00:00:00Z","timestamp":1628035200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2021,11,12]]},"abstract":"<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title>\n<jats:p>The purpose of this study is to examine factors, which influence information security culture among employees of telecommunications companies. The motivation for this study was the rise in the number of data breach incidents caused by the organizations\u2019 own employees.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title>\n<jats:p>A total of 139 usable responses were collected via a Web-based questionnaire survey from employees of Malaysian telecommunications companies. Data were analysed by using SmartPLS 3.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Findings<\/jats:title>\n<jats:p>Security education, training and awareness (SETA) programmes and information security awareness were found to have a positive and significant impact on Information Security Culture. Additionally, self-reported employees\u2019 security behaviour was found to act as a partial mediator on the relationship between information security awareness and information security culture.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Research limitations\/implications<\/jats:title>\n<jats:p>The study was cross-sectional in nature. Therefore, it could not measure changes in population over time.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Practical implications<\/jats:title>\n<jats:p>The empirical data provides a new perspective on significant elements that influence information security culture in an emerging market. Organizations in the telecommunications industry can now recognize that SETA programmes and information security awareness have a significant impact on information security culture. Employees\u2019 security behaviour also mediates the relationship between information security awareness and information security culture.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title>\n<jats:p>This is the first study to analyse the mediating effect of employees\u2019 security behaviour on the relationship between information security awareness and information security culture in the Malaysian telecommunications context.<\/jats:p>\n<\/jats:sec>","DOI":"10.1108\/ics-02-2021-0020","type":"journal-article","created":{"date-parts":[[2021,8,3]],"date-time":"2021-08-03T06:39:35Z","timestamp":1627972775000},"page":"866-882","source":"Crossref","is-referenced-by-count":21,"title":["Predicting information security culture among employees of telecommunication companies in an emerging market"],"prefix":"10.1108","volume":"29","author":[{"given":"Nurul Asmui Azmi","family":"Md Azmi","sequence":"first","affiliation":[]},{"given":"Ai Ping","family":"Teoh","sequence":"additional","affiliation":[]},{"given":"Ali","family":"Vafaei-Zadeh","sequence":"additional","affiliation":[]},{"given":"Haniruzila","family":"Hanifah","sequence":"additional","affiliation":[]}],"member":"140","published-online":{"date-parts":[[2021,8,4]]},"reference":[{"key":"key2021111012415961200_ref001","first-page":"124","article-title":"Security challenges to telecommunications networks: an overview of threats and preventive strategies","year":"2015"},{"key":"key2021111012415961200_ref002","first-page":"1","article-title":"Information security culture: a behaviour compliance conceptual framework","volume-title":"Australasian Information Security Conference (AISC)","year":"2010"},{"key":"key2021111012415961200_ref004","doi-asserted-by":"publisher","first-page":"567","DOI":"10.1016\/j.chb.2015.03.054","article-title":"Design and validation of information security culture framework","volume":"49","year":"2015","journal-title":"Computers in Human Behavior"},{"key":"key2021111012415961200_ref003","doi-asserted-by":"crossref","unstructured":"AlHogail, A. and Mirza, A. (2014), \u201cInformation security culture: a definition and a literature review\u201d, Paper presented at the 2014 World Congress on Computer Applications and Information Systems (WCCAIS), Hammamet, pp. 1-7, doi: 10.1109\/WCCAIS.2014.6916579.","DOI":"10.1109\/WCCAIS.2014.6916579"},{"issue":"01","key":"key2021111012415961200_ref005","first-page":"1","article-title":"A study of cyber security awareness in educational environment in the Middle East","volume":"15","year":"2016","journal-title":"Journal of Information and Knowledge Management"},{"key":"key2021111012415961200_ref006","unstructured":"Alnatheer, M. (2012), \u201cUnderstanding and measuring information security culture in developing countries: case of Saudi Arabia\u201d, Ph.D thesis, Queensland University of Technology, available at: https:\/\/eprints.qut.edu.au\/64070\/1\/Mohammed_Al_Natheer_Thesis.pdf (accessed on 11 May 2021)."},{"issue":"1","key":"key2021111012415961200_ref007","doi-asserted-by":"publisher","first-page":"22","DOI":"10.1177\/1043659609360849","article-title":"Organizational culture, quality of work life, and organizational effectiveness in Korean university hospitals","volume":"22","year":"2015","journal-title":"Journal of Transcultural Nursing"},{"issue":"3","key":"key2021111012415961200_ref008","doi-asserted-by":"crossref","first-page":"327","DOI":"10.1108\/ICS-04-2018-0042","article-title":"In their own words: employee attitudes towards information security","volume":"26","year":"2018","journal-title":"Information and Computer Security"},{"key":"key2021111012415961200_ref009","unstructured":"Augustin, S. (2020), \u201cMalindo air hauled to court over data breach\u201d, available at: www.freemalaysiatoday.com\/category\/nation\/2020\/02\/20\/malindo-air-hauled-to-court-over-data-breach\/ (accessed on 17 January 2021)"},{"issue":"9","key":"key2021111012415961200_ref010","first-page":"9331","article-title":"A new evaluation criteria for effective security awareness in computer risk management based on AHP","volume":"2","year":"2012","journal-title":"Journal of Basic and Applied Scientific Research"},{"key":"key2021111012415961200_ref011","first-page":"3939","article-title":"Assessing the role of security education, training, and awareness on insiders\u2019 security-related behavior: an expectancy theory approach","volume-title":"48th HI International Conference on System Sciences","year":"2015"},{"issue":"3","key":"key2021111012415961200_ref012","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1080\/08874417.2015.11645767","article-title":"Impacts of comprehensive information security programmes on information security culture","volume":"55","year":"2015","journal-title":"Journal of Computer Information Systems"},{"issue":"5","key":"key2021111012415961200_ref013","doi-asserted-by":"publisher","first-page":"e1211","DOI":"10.1002\/widm.1211.","article-title":"Enterprise data breach: causes, challenges, prevention, and future directions","volume":"7","year":"2017","journal-title":"Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery"},{"key":"key2021111012415961200_ref014","first-page":"295","article-title":"The partial least squares approach to structural modelling","volume-title":"Modern Methods for Business Research","year":"1998"},{"key":"key2021111012415961200_ref015","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-74817-7_6","article-title":"Employee security behaviour: the importance of education and policies in organisational","volume-title":"Advances in Information Systems Development. Lecture Notes in Information Systems and Organisation","year":"2018"},{"issue":"2","key":"key2021111012415961200_ref016","doi-asserted-by":"crossref","first-page":"196","DOI":"10.1016\/j.cose.2009.09.002","article-title":"A framework and assessment instrument for information security culture","volume":"29","year":"2010","journal-title":"Computers and Security"},{"issue":"101713","key":"key2021111012415961200_ref017","first-page":"1","article-title":"Defining organisational information security culture \u2013 perspectives from academia and industry","volume":"92","year":"2020","journal-title":"Computers and Security"},{"issue":"5","key":"key2021111012415961200_ref018","doi-asserted-by":"crossref","first-page":"474","DOI":"10.1108\/IMCS-08-2013-0057","article-title":"Security culture and the employment relationship as drivers of employees\u2019 security compliance","volume":"22","year":"2014","journal-title":"Information Management and Computer Security"},{"issue":"8","key":"key2021111012415961200_ref019","doi-asserted-by":"crossref","first-page":"698","DOI":"10.1016\/S0167-4048(00)08019-6","article-title":"Information security management: an approach to combine process certification and product evaluation","volume":"19","year":"2000","journal-title":"Computers and Security"},{"issue":"4","key":"key2021111012415961200_ref020","doi-asserted-by":"crossref","first-page":"1149","DOI":"10.3758\/BRM.41.4.1149","article-title":"Statistical power analyses using G*power 3.1: tests for correlation and regression analyses","volume":"41","year":"2009","journal-title":"Behavior Research Methods"},{"issue":"2","key":"key2021111012415961200_ref021","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1016\/S1361-3723(09)70019-3","article-title":"From culture to disobedience: recognising the varying user acceptance of IT security","volume":"2009","year":"2009","journal-title":"Computer Fraud and Security"},{"issue":"5\/6","key":"key2021111012415961200_ref022","doi-asserted-by":"crossref","first-page":"352","DOI":"10.1108\/09576050210447037","article-title":"A prototype tool for information security awareness and training","volume":"15","year":"2002","journal-title":"Logistics Information Management"},{"key":"key2021111012415961200_ref023","first-page":"269","article-title":"Human factors in information security culture: a literature review","volume-title":"Advances in Human Factors in Cybersecurity","year":"2018"},{"issue":"5","key":"key2021111012415961200_ref024","doi-asserted-by":"crossref","first-page":"464","DOI":"10.1177\/0193841X09340214","article-title":"A comparison of web-based and paper-based survey methods: testing assumptions of survey mode and response cost","volume":"33","year":"2009","journal-title":"Evaluation Review"},{"key":"key2021111012415961200_ref025","doi-asserted-by":"crossref","first-page":"242","DOI":"10.1016\/j.cose.2012.10.003","article-title":"Security-related behavior in using information systems in the workplace: a review and synthesis","volume":"32","year":"2013","journal-title":"Computers and Security"},{"key":"key2021111012415961200_ref026","article-title":"\u2018Antecedents of employees' information security awareness-review\u2019, synthesis, and directions for future research","volume-title":"5-10 June","year":"2017"},{"key":"key2021111012415961200_ref027","doi-asserted-by":"publisher","first-page":"101","DOI":"10.1016\/j.jbusres.2019.11.069","article-title":"Assessing measurement model quality in PLS-SEM using confirmatory composite analysis","volume":"109","year":"2020","journal-title":"Journal of Business Research"},{"key":"key2021111012415961200_ref028","unstructured":"Help Net Security (2020), \u201cPasswords still dominant authentication method, top cause of data breaches\u201d, available at: www.helpnetsecurity.com\/2020\/03\/09\/passwords-data-breaches\/ (accessed on 13 May 2021)."},{"issue":"2","key":"key2021111012415961200_ref029","doi-asserted-by":"publisher","first-page":"565","DOI":"10.1007\/s00180-012-0317-1","article-title":"Goodness-of-fit indices for partial least squares path modelling","volume":"28","year":"2013","journal-title":"Computational Statistics"},{"issue":"1","key":"key2021111012415961200_ref030","doi-asserted-by":"publisher","first-page":"115","DOI":"10.1007\/s11747-014-0403-8","article-title":"A new criterion for assessing discriminant validity in variance-based structural equation modelling","volume":"43","year":"2015","journal-title":"Journal of the Academy of Marketing Science"},{"issue":"2","key":"key2021111012415961200_ref031","doi-asserted-by":"crossref","first-page":"106","DOI":"10.1057\/ejis.2009.6","article-title":"Protection motivation and deterrence: a framework for security policy compliance in organisations","volume":"18","year":"2009","journal-title":"European Journal of Information Systems"},{"issue":"4","key":"key2021111012415961200_ref032","doi-asserted-by":"crossref","first-page":"311","DOI":"10.7763\/IJIET.2015.V5.522","article-title":"Leadership styles and information security compliance behavior: the mediator effect of information security awareness","volume":"5","year":"2015","journal-title":"International Journal of Information and Education Technology"},{"issue":"1","key":"key2021111012415961200_ref033","first-page":"17","article-title":"Indirect effect of management support on users\u2019 compliance behaviour towards information security policies","volume":"47","year":"2017","journal-title":"Health Information Management Journal"},{"issue":"1","key":"key2021111012415961200_ref034","doi-asserted-by":"crossref","first-page":"24","DOI":"10.1108\/09685220610648355","article-title":"Information security: management's effect on culture and policy","volume":"14","year":"2006","journal-title":"Information Management and Computer Security"},{"issue":"3","key":"key2021111012415961200_ref035","first-page":"192","article-title":"Information security: corporate culture and organisational commitment","volume":"1","year":"2011","journal-title":"International Journal of Humanities and Social Science"},{"key":"key2021111012415961200_ref036","article-title":"A systematic literature review: information security culture","volume-title":"5th International Conference on Research and Innovation in Information Systems: Social Transformation through Data Science, ICRIIS 2017 [8002442] (International Conference on Research and Innovation in Information Systems, ICRIIS)","year":"2017"},{"key":"key2021111012415961200_ref037","unstructured":"Malaysian Communications and Multimedia Commission (MCMC) (2021), \u201cSuruhanjaya komunikasi dan multimedia Malaysia (SKMM) \u2013 security, trust and governance\u201d, available at: www.skmm.gov.my\/resources\/guidelines\/security,-trust-governance (accessed 8 May 2020)."},{"issue":"8","key":"key2021111012415961200_ref038","first-page":"96","article-title":"Assessing the information security culture in a government context: the case of a developing country","volume":"9","year":"2018","journal-title":"International Journal of Civil Engineering and Technology"},{"key":"key2021111012415961200_ref039","unstructured":"Mullock, H. (2014), \u201cA brief literature review on organisational culture\u201d, available at: https:\/\/research-methodology.net\/a-brief-literature-review-on-organizational-culture\/ (accessed 9 May 2021)."},{"key":"key2021111012415961200_ref040","unstructured":"MyCert (2017), \u201c2017 data breaches known so far\u201d, available at: www.mycert.org.my\/data\/content_files\/27\/831.pdf (accessed 8 May 2020)."},{"issue":"2","key":"key2021111012415961200_ref041","doi-asserted-by":"crossref","first-page":"146","DOI":"10.1108\/ICS-12-2016-0095","article-title":"Key elements of an information security culture in organisations","volume":"27","year":"2019","journal-title":"Information and Computer Security"},{"key":"key2021111012415961200_ref042","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1016\/j.cose.2017.01.004","article-title":"The human aspects of information security questionnaire (HAIS-Q): two further validation studies","volume":"66","year":"2017","journal-title":"Computers and Security"},{"issue":"3","key":"key2021111012415961200_ref043","doi-asserted-by":"crossref","first-page":"879","DOI":"10.3758\/BRM.40.3.879","article-title":"Asymptotic and resampling strategies for assessing and comparing indirect effects in multiple mediator models","volume":"40","year":"2008","journal-title":"Behavior Research Methods"},{"key":"key2021111012415961200_ref044","unstructured":"PwC (2013), \u201cSecurity risks and responses in an evolving telecommunications industry\u201d, available at: www.pwc.com\/gx\/en\/communications\/publications\/communications-review\/assets\/cyber-telecom-security.pdf (accessed on 24 January 2021)."},{"key":"key2021111012415961200_ref045","article-title":"Information security cultures of four professions: a comparative study","year":"2008"},{"issue":"2","key":"key2021111012415961200_ref046","doi-asserted-by":"crossref","first-page":"15","DOI":"10.1016\/S1361-3723(16)30017-3","article-title":"Human aspects of information security in organisations","volume":"2016","year":"2016","journal-title":"Computer Fraud and Security"},{"issue":"2","key":"key2021111012415961200_ref047","doi-asserted-by":"crossref","first-page":"109","DOI":"10.1037\/0003-066X.45.2.109","article-title":"Organisational culture","volume":"45","year":"1990","journal-title":"American Psychologist"},{"issue":"31","key":"key2021111012415961200_ref048","first-page":"46","article-title":"Information security culture \u2013 from analysis to change","volume":"2003","year":"2003","journal-title":"South African Computer Journal"},{"key":"key2021111012415961200_ref049","first-page":"90","article-title":"Awareness, behaviour and culture: the ABC in cultivating security compliance","volume-title":"the 10th International Conference for Internet Technology and Secured Transactions (ICITST)","year":"2015"},{"key":"key2021111012415961200_ref050","unstructured":"Tan, R. and Nair, S. (2017), \u201cM'sia sees biggest mobile data breach\u201d, available at: www.thestar.com.my\/news\/nation\/2017\/10\/31\/msia-sees-biggest-mobile-data-breach-over-46-million-subscribed-numbers-at-risk-from-scam-attacks-an\/ (accessed 8 May 2020)."},{"key":"key2021111012415961200_ref051","unstructured":"The Edge Markets (2018), \u201cTelcos? 2018 service revenue expected to grow 2%\u201d, 17 January, available at: www.theedgemarkets.com\/article\/telcos-2018-service-revenue-expected-grow-2 (accessed 8 May 2020)."},{"key":"key2021111012415961200_ref052","unstructured":"The Straits Times (2017), \u201cMalaysian telco data breach traced to Oman\u201d, 19 November, available at: www.straitstimes.com\/asia\/se-asia\/malaysian-telco-data-breach-traced-to-oman (accessed 8 May 2020)."},{"issue":"4","key":"key2021111012415961200_ref053","doi-asserted-by":"crossref","first-page":"476","DOI":"10.1016\/j.cose.2009.10.005","article-title":"Information security culture: a management perspective","volume":"29","year":"2010","journal-title":"Computers and Security"},{"key":"key2021111012415961200_ref054","doi-asserted-by":"crossref","first-page":"107","DOI":"10.1016\/j.dss.2018.02.009","article-title":"Exploring the influence of flow and psychological ownership on security education, training and awareness effectiveness and security compliance","volume":"108","year":"2018","journal-title":"Decision Support Systems"},{"key":"key2021111012415961200_ref055","unstructured":"Yunus, R. (2019), \u201cAlmost 200% increase in data breach attacks since 2018\u201d, available at: https:\/\/themalaysianreserve.com\/2019\/10\/17\/almost-200-increase-in-data-breach-attacks-since-2018\/ (accessed 17January 2021)."},{"issue":"2","key":"key2021111012415961200_ref056","doi-asserted-by":"crossref","first-page":"197","DOI":"10.1086\/651257","article-title":"Reconsidering Baron and Kenny: myths and truths about mediation analysis","volume":"37","year":"2010","journal-title":"Journal of Consumer Research"},{"key":"key2021111012415961200_ref057","unstructured":"Zurairi, A.R. (2018), \u201cPutrajaya\u2019s exam portal shut down, after data breach affected millions\u201d, available at: www.malaymail.com\/news\/malaysia\/2018\/06\/10\/putrajayas-exam-portal-shut-down-after-data-breach-affecting-millions\/1640346, (accessed 24 January 2021)."},{"key":"key2021111012415961200_ref058","article-title":"Managing employee security behaviour in organisations: the role of cultural factors and individual values","volume-title":"ICT Systems Security and Privacy Protection, SEC 2014, IFIP Advances in Information and Communication Technology","year":"2014"},{"issue":"3","key":"key2021111012415961200_ref059","doi-asserted-by":"crossref","first-page":"246","DOI":"10.1108\/ICS-05-2014-0033","article-title":"Information security culture \u2013 state-of-the art review between 2000 and 2013","volume":"23","year":"2015","journal-title":"Information and Computer Security"}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-02-2021-0020\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-02-2021-0020\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:22:42Z","timestamp":1753406562000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/29\/5\/866-882\/105767"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,8,4]]},"references-count":59,"journal-issue":{"issue":"5","published-online":{"date-parts":[[2021,8,4]]},"published-print":{"date-parts":[[2021,11,12]]}},"alternative-id":["10.1108\/ICS-02-2021-0020"],"URL":"https:\/\/doi.org\/10.1108\/ics-02-2021-0020","relation":{},"ISSN":["2056-4961","2056-4961"],"issn-type":[{"value":"2056-4961","type":"print"},{"value":"2056-4961","type":"print"}],"subject":[],"published":{"date-parts":[[2021,8,4]]}}}