Abstract
Information communication technology (ICT) is constantly evolving, it is currently used in virtually every aspect of human life, such as financial transactions. Due to its ongoing development, the internet serves as the basis for all service platforms. Financial institutions are responding to the development of ICT by following suit in an effort to improve services and maintain existing technology. Similarly, worldwide cybercrime has increased, resulting in financial losses. As a result, information security has become a pressing concern for any institution tasked with providing adequate services. Developing complex security methods that address people, processes, and technology is required to strike a balance between the technical and behavioural components of information security. This qualitative study will examine how socio-organizational factors can enhance employees’ attitudes toward information security culture at any financial institution. To fulfil the above aim, a qualitative methodology is utilised. Interviews (prior and main) and document analysis (Review & Analysis of Internal Materials in the banking sector of Nigeria) will be used to collect data. The Quota Sampling method is used in recruiting participants for interviews. With the assistance of academic experts, fellow researchers, and information security professional experts, the interview questions will be pretested. The Thematic analysis will be utilised to deduce occurrences, patterns, and use of concepts. Based on the analysis of data gathered from 38 top management of a financial institution, the study concludes that improving information security culture in any institution requires strong leadership, accountability, education/awareness/training/experience, commitment & trust, monitoring & internal control (audits), process integration, technology, permissible/institutional pressure, societal pressure, personal beliefs, values, and attitudes. The study expands on ’behavioural information security’, a crucial area of study. It bridges the gap in research most especially in Africa as it expands knowledge of information security by critically exploring human factors in the form of employees in the financial sector of a cross-cultural country Nigeria. From a theoretical perspective, the study presents socio-organizational factors that can enhance employees’ attitudes toward information security culture. From a practical perspective, it is a study which provides guideline for better articulation, formation, and implementation of an organisation’s Information security laws, policies, and procedures as well as to create a framework which can aid top management in recruiting. The usefulness of this thesis is not limited to the financial institution of Nigeria/Africa.