
The Impact of the Leadership Role on Human Failures in the Face of Cyber Threats




Journal of Information Systems Security
Volume 11, Number 2 (2015)
Pages 89–109
ISSN 1551-0123 (Print)
ISSN 1551-0808 (Online)
Dyana Zainudin — Cardiff School of Management, Cardiff Metropolitan University, Wales, UK
Atta Ur-Rahman — Cardiff School of Management, Cardiff Metropolitan University, Wales, UK
Information Institute Publishing, Washington DC, USA




This paper analyses the concept of leadership and its impact on human factors in the minimisation of security risk. A chronology of information security (IS) institutionalisation describes the combination of technical approaches and human management. It explains that many technological approaches to security have been developed to minimise security risks, but that such approaches are meaningless if human management fails to commit. It has been shown that too many incidents leading to cyber threats occur not because of technological factors, but rather because of human factors. This paper therefore studies human management by investigating the relationship between leadership and human factors. The research is conducted by means of an online survey of participants who are currently employed at manager, executive and non-executive levels. The two theories tested show that there is a significant correlation between management communication and employees’ responsibility, which leads to a significant impact on the human factors in cyber threats. The study concludes that leadership and human failure are correlated with each other and that they contribute to the understanding that leadership is the key aspect in the prevention of cyber threats.




Information Security Management, Leadership, Information Security Culture, Human Factor, Cyber Threats, Risk Management



