What influences employees to follow security policies?

Data and information play a critical role in cyber security policies in organizations, so it is essential to protect them. Companies invest in the latest and most secured softwares, and specialized IT employees to protect the firm's data and information. Nevertheless, there are still incidents and huge losses of information because of the careless behaviour of the employees. Companies continue to spend considerable sums on security and yet remain in danger of attacks. By combining the value of congruence model (VC), the theory of planned behaviour model (TPB), and security conscious care behaviour we show that security behaviour can be influenced through effortless and low-cost measures that are a very advantageous solution for companies to protect their assets. With a sample of 193 respondents we demonstrate that companies need only to keep their employees motivated, happy, and satisfied in order to encourage them to adhere to the cyber security policies already in place. We show that information security awareness moderates the relationship between subjective norms and behaviour intention, and that job satisfaction moderates the relationship between behaviour intention and security behaviour. We show practical and theoretical implications based on our conclusions.