IT organizations and CEOs are, and should be, concerned these days about the (lack of) data
confidentiality and the use of "shadow" IT systems by employees. Not only does the company
risk monetary loss or public embarrassment, but senior management might also risk personal
fines or even imprisonment. Several trends draw further attention to these subjects, including
the fact that an increasing number of people perform parts of their work tasks from home (RSA,
2007) and the increasing bandwidth available to Internet users, which makes them rely on the
Internet for satisfying their business and personal computing needs (Desisto et al. 2008).
Employee compliance with the existing IT security policies is therefore essential.
This paper presents a study on factors that influence non-compliance behavior of employees in
organizations. The factors found in literature are tested in a survey study amongst employees of a
big-four accountancy firm in the Netherlands and Belgium. The study concludes that stricter IT
governance and cultural aspects are the most important factors influencing non-compliance