How attitude, shared tacit assumptions, espoused values, subjective norms, behavioural intention and knowledge influence information security culture | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Research Article How attitude, shared tacit assumptions, espoused values, subjective norms, behavioural intention and knowledge influence information security culture Annelie Jordaan, Joseph Mupokosera II This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-6930311/v1 This work is licensed under a CC BY 4.0 License Status: Under Review Version 1 posted 9 You are reading this latest preprint version Abstract Threat vectors to information assets of firms continue to multiply especially with rapid advances in ICT capabilities. Financial services firms are one of the prime targets of information security breaches because of the increased probability of the miscreants realising pecuniary benefits. The cultivation of information security culture is viewed as the most effective safeguard of warding off information security breaches. This study examined the impact that knowledge, attitude, shared tacit assumptions, subjective norms, espoused values and behavioural intention exert on financial services information security culture. The study’s participants were drawn from four financial services firms in Zimbabwe. The questions that constituted the questionnaire that was sent to the respondents were derived from the extent literature on information security culture. The regression analysis performed on the responses to the questionnaire showed that knowledge, attitude, subjective norms, shared tacit assumptions and behavioural intention are all significant predictors of financial services information security culture. However, the study established that espoused values are not a significant predictor of financial services information security culture. The study suggested that financial services should leverage the constructs that the study established to be significant predictors of financial services information security culture especially improving their employees’ information security knowledge and attitudes which in turn influence the other constructs. Full Text Additional Declarations No competing interests reported. Cite Share Download PDF Status: Under Review Version 1 posted Reviews received at journal 18 Sep, 2025 Reviews received at journal 27 Aug, 2025 Reviewers agreed at journal 19 Aug, 2025 Reviewers agreed at journal 31 Jul, 2025 Reviewers agreed at journal 28 Jul, 2025 Reviewers invited by journal 28 Jul, 2025 Editor assigned by journal 24 Jun, 2025 Submission checks completed at journal 24 Jun, 2025 First submitted to journal 19 Jun, 2025 You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-6930311","acceptedTermsAndConditions":true,"allowDirectSubmit":false,"archivedVersions":[],"articleType":"Research Article","associatedPublications":[],"authors":[{"id":492394273,"identity":"6d4eda27-1a29-44c6-8157-84c062f7bf01","order_by":0,"name":"Annelie Jordaan","email":"","orcid":"","institution":"Vaal University of Technology","correspondingAuthor":false,"prefix":"","firstName":"Annelie","middleName":"","lastName":"Jordaan","suffix":""},{"id":492394275,"identity":"60a63768-f041-499a-8c05-f1c857aa5db9","order_by":1,"name":"Joseph Mupokosera II","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAuklEQVRIiWNgGAWjYNACHgY5EHXgAQlaDIzBWhJIsMYgsQFEEaVFd0buwcc8Mn/S54cdfgi0xU5Ot4GAFrMbecmGM3gMcjfeTjMAakk2NjtAUEuOmcQHkJbZCSAtBxK3EaUlgccg3XB2+gcStABtSZCXziHWljPvQH4xNtwgnVNwIMGAGL8cB4YYb4+cvPzs9M0fPlTYyRHUAop5BsYeYMyAVRoQVA7VwvCDgUG+gSjVo2AUjIJRMBIBAOFYRFQrKB5oAAAAAElFTkSuQmCC","orcid":"","institution":"Tshwane University of Technology","correspondingAuthor":true,"prefix":"","firstName":"Joseph","middleName":"Mupokosera","lastName":"II","suffix":""}],"badges":[],"createdAt":"2025-06-19 10:38:22","currentVersionCode":1,"declarations":"","doi":"10.21203/rs.3.rs-6930311/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-6930311/v1","draftVersion":[],"editorialEvents":[],"editorialNote":"","failedWorkflow":false,"files":[{"id":87892627,"identity":"fbfbfc77-fe45-43e0-a394-0234a13bc876","added_by":"auto","created_at":"2025-07-30 06:55:39","extension":"pdf","order_by":1,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":485620,"visible":true,"origin":"","legend":"","description":"","filename":"ATTSTAEV.pdf","url":"https://assets-eu.researchsquare.com/files/rs-6930311/v1_covered_9a2cb5c1-dfaa-4b45-b656-0c7c2da8b97f.pdf"}],"financialInterests":"No competing interests reported.","formattedTitle":"How attitude, shared tacit assumptions, espoused values, subjective norms, behavioural intention and knowledge influence information security culture","fulltext":[],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":false,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":false,"hideJournal":false,"highlight":"","institution":"","isAcceptedByJournal":true,"isAuthorSuppliedPdf":true,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":true,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"
[email protected]","identity":"international-journal-of-information-security","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":false,"externalIdentity":"ijis","sideBox":"Learn more about [International Journal of Information Security](http://link.springer.com/journal/10207)","snPcode":"10207","submissionUrl":"https://submission.nature.com/new-submission/10207/3","title":"International Journal of Information Security","twitterHandle":"","acdcEnabled":true,"dfaEnabled":true,"editorialSystem":"em","reportingPortfolio":"Springer Hybrid","inReviewEnabled":true,"inReviewRevisionsEnabled":false},"keywords":"","lastPublishedDoi":"10.21203/rs.3.rs-6930311/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-6930311/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"Threat vectors to information assets of firms continue to multiply especially with rapid advances in ICT capabilities. Financial services firms are one of the prime targets of information security breaches because of the increased probability of the miscreants realising pecuniary benefits. The cultivation of information security culture is viewed as the most effective safeguard of warding off information security breaches. This study examined the impact that knowledge, attitude, shared tacit assumptions, subjective norms, espoused values and behavioural intention exert on financial services information security culture. The study’s participants were drawn from four financial services firms in Zimbabwe. The questions that constituted the questionnaire that was sent to the respondents were derived from the extent literature on information security culture. The regression analysis performed on the responses to the questionnaire showed that knowledge, attitude, subjective norms, shared tacit assumptions and behavioural intention are all significant predictors of financial services information security culture. However, the study established that espoused values are not\na significant predictor of financial services information security culture. The study suggested that financial services should leverage the constructs that the study established to be significant predictors of financial services information security culture especially improving their employees’ information security knowledge and attitudes which in turn influence the other constructs.","manuscriptTitle":"How attitude, shared tacit assumptions, espoused values, subjective norms, behavioural intention and knowledge influence information security culture","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2025-07-30 06:31:34","doi":"10.21203/rs.3.rs-6930311/v1","editorialEvents":[{"type":"communityComments","content":0},{"type":"editorInvitedReview","content":"","date":"2025-09-18T15:13:44+00:00","index":"hide","fulltext":""},{"type":"editorInvitedReview","content":"","date":"2025-08-27T09:03:43+00:00","index":"hide","fulltext":""},{"type":"reviewerAgreed","content":"4015012496571141816985656028957251870","date":"2025-08-19T09:43:23+00:00","index":"hide","fulltext":""},{"type":"reviewerAgreed","content":"302800334266205925118705690083343007321","date":"2025-07-31T08:32:41+00:00","index":"hide","fulltext":""},{"type":"reviewerAgreed","content":"202804401807808066081992141355496485401","date":"2025-07-28T09:06:03+00:00","index":"hide","fulltext":""},{"type":"reviewersInvited","content":"","date":"2025-07-28T08:44:54+00:00","index":"","fulltext":""},{"type":"editorAssigned","content":"","date":"2025-06-24T08:15:24+00:00","index":"","fulltext":""},{"type":"checksComplete","content":"","date":"2025-06-24T08:13:46+00:00","index":"","fulltext":""},{"type":"submitted","content":"International Journal of Information Security","date":"2025-06-19T10:36:06+00:00","index":"","fulltext":""}],"status":"published","journal":{"display":true,"email":"
[email protected]","identity":"international-journal-of-information-security","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":false,"externalIdentity":"ijis","sideBox":"Learn more about [International Journal of Information Security](http://link.springer.com/journal/10207)","snPcode":"10207","submissionUrl":"https://submission.nature.com/new-submission/10207/3","title":"International Journal of Information Security","twitterHandle":"","acdcEnabled":true,"dfaEnabled":true,"editorialSystem":"em","reportingPortfolio":"Springer Hybrid","inReviewEnabled":true,"inReviewRevisionsEnabled":false}}],"origin":"","ownerIdentity":"d4373f16-5084-4b53-ab42-0a95cd61a6fd","owner":[],"postedDate":"July 30th, 2025","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"under-review","subjectAreas":[],"tags":[],"updatedAt":"2025-09-18T15:23:41+00:00","versionOfRecord":[],"versionCreatedAt":"2025-07-30 06:31:34","video":"","vorDoi":"","vorDoiUrl":"","workflowStages":[]},"version":"v1","identity":"rs-6930311","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-6930311","identity":"rs-6930311","version":["v1"]},"buildId":"8U1c8b4HqxoKbykW_rLl7","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}
Text is read by the "Ask this paper" AI Q&A widget below.
Extraction quality varies by source — PMC NXML preserves structure
cleanly, OA-HTML may include some navigation residue, and OA-PDF can
have broken hyphenation. The publisher copy
(via DOI)
is the canonical version.