Communications of the IIMA


Retail industry has suffered some of the biggest data breaches in recent times. Organizations are deploying technological tools to limit data breaches. However, purely technological solution is not going to be sufficient because human-factor is often considered to be the weakest link in Information Security. In this paper, the authors investigate the behavioral aspect of information security in a retail setting. Specifically, the factors that influence compliance behaviors to information security policies (ISP) in retail stores are identified. Attitude, awareness, and sanctions are proposed as key variables that influence compliance intentions to ISP. The authors test the proposed model using employees from a well-known retail store. The implications and importance of human element in retail information security are discussed.