This paper analyses the concept of leadership and its impact on human factors in the minimisation of security risk. A chronology of information security (IS) institutionalisation describes the combination of technical approaches and human management. It explains that many technological approaches to security have been developed to minimise security risks, but that such approaches are meaningless if human management fails to commit. It has been shown that too many incidents leading to cyber threats occur not because of technological, but rather human factors. This paper therefore studies human management by investigating the relationship between leadership and human factors. The research is conducted by means of an online survey of participants who are currently employed at manager, executive and non-executive levels. The two theories tested show that there is a significant correlation between management communication and employees’ responsibility, which lead to a significant impact on the human factors in cyber threats. The study concludes that leadership and human failure are correlated to each other and that they contribute to the understanding that leadership is the key aspect in the prevention of cyber threats.

Alnatheer, M. A., 2014. A conceptual model to understand information security culture. International Journal of Social Science and Humanity, 4(2), pp. 104–107.

BSI, 2012. The British Standard Institution 2007. 3rd edn. United Kingdom: BSI.

Clark, D., 2011. A Big Dog A Little Dog and Knowledge Jump Production. [Online] Available at: http://www.nwlink.com/~donclark/leader/LMCC.html [accessed 27 March 2015].

Gatewood, T. F., 1995. Management: comprehension, analysis and application. s.l.: Richard D Irwin (December 1994).

Dhillon, G., 1995. Interpreting the management of information systems security. PhD thesis.

Hofstede, 1996. Cultures and Organizations – Software of the Mind. Online at: http://www.novsu.ru/file/1092483.

Huczyncski, B., 2001. Organisation Behaviour. s.l.:Clearway Logistics Phase 10-12.

Kid, H., 2015. Homes Kid. [Online] Available at: http://homes-kid.com/person-looking-in-mirror-cartoon.html [accessed 4 May 2015].

Lim, B., 1995. Examining the organizational culture and organizational performance link. Leadership and Organization Development Journal, 16 (5), pp. 16–21.

Lim, J. S., 2009. Exploring the Relationship between Organisational Culture and Information Security Culture. Australian Information Security Management Conference, Edith Cowan University, pp. 1–11.

Mintzberg, 1977. Policy as a field of management policy. Academy of Management, 2, pp. 88-103).

Nasreen, R. T. M. K., 2009. Measures for improving information security management in organisations. The Impact of Training and Awareness Programmes. UK Academy for Information Systems Conference Proceedings 2012, Paper 8, pp. 1–10.

PWC, 2012. PWC. [Online] Available at: http://www.pwc.co.uk/audit-assurance/publications/uk-information-security-breaches-survey-results-2012.jhtml [accessed 22 January 2013].

Schlienger T. T., 2003. Information security culture: from analysis to change. Proceedings of the 3rd Annual Information Security South Africa Conference, Sandton, South Africa.

Williams, E. M., 2007. The relationship of organizational culture, stress, satisfaction, and burnout with physician-reported error and suboptimal patient care: Results from the MEMO study. Health Care Management Review, 32 (3), pp. 203–212.

Yan Chen, K. a. K. W. W., 2012. Organizations’ information security policy compliance: stick or carrot approach? Journal of Management Information Systems, 29 (3), pp. 157–188.

Zakaria, O., 2007. Investigating information security culture challenges in a public sector organisation: a Malaysian case. London: University of London.

Zainudin, H. B. A. U. R., 2014. An analysis of top management change on information security management system. Asian Journal of Computer and Information Systems, 2(6), pp. 177–181.