International Journal of Management Technology (IJMT)

CSETA

Information Security Culture and Cybersecurity Policy Compliance in The University of Abuja: The Mediating Role of Cybersecurity Awareness (Published)

The escalating prevalence of human-mediated cybersecurity incidents in higher education institutions underscores the inadequacy of purely technological defences and redirects scholarly and policy attention toward behavioural and cultural antecedents of compliance. This paper examines the effect of Information Security Culture (ISC), operationalised through Cyber Security Education, Training and Awareness (CSETA), on Cybersecurity Policy Compliance (CPC) among staff and students of the University of Abuja, Nigeria, with Cybersecurity Awareness as a mediating variable. The University of Abuja provides a particularly instructive institutional setting, as a federal dual-mode university whose residential and distance learning operations expose a heterogeneous user community of approximately 58,726 staff and students to intensifying cyber threats within an evolving Nigerian regulatory environment. The problem of persistent policy non-compliance, despite the enactment of the Nigeria Data Protection Act (2023) and related national cybersecurity instruments, constitutes the motivating research problem. The study aims to examine how CSETA influences three sub-dimensions of compliance, namely Incident Response Behaviour (IRB), Data Handling and Protection (DHP), and Intention to Comply with Security Policies (ITC), and to evaluate whether these relationships operate through the cognitive mediation of cybersecurity awareness. Three established behavioural paradigms provide the theoretical foundation: Protection Motivation Theory (Rogers, 1975, 1983), General Deterrence Theory (Gibbs, 1975; Straub, 1990), and the Theory of Planned Behaviour (Ajzen, 1991). A cross-sectional quantitative design will be employed, with a stratified random sample of 400 respondents drawn proportionally from the staff and student populations. Data will be collected through a validated 33-item structured questionnaire. Multiple regression analysis will test the direct effects at p < .05, while the Hayes (2022) PROCESS Macro Model 4 with 5,000 bias-corrected bootstrap resamples will test the mediating role of cybersecurity awareness. The study is expected to contribute a theoretically integrated, empirically grounded, and contextually relevant evidence base for cybersecurity governance within Nigerian federal universities, address significant gaps in the higher education cybersecurity compliance literature, and offer actionable guidance for institutional policy and practice.

Keywords: CSETA, Higher Education, Nigeria, cybersecurity awareness, cybersecurity policy compliance, information security culture, mediation analysis

Scroll to Top

Don't miss any Call For Paper update from EA Journals

Fill up the form below and get notified everytime we call for new submissions for our journals.