Examining the Impact of Technical Controls, Accountability and Monitoring towards Cyber Security Compliance in E-government Organisations


 IT infrastructure and systems are made up of technical as well as social systems that work in alliance to ensure that organization's goals and objectives are met. Security controls and measures are developed and used to guard data and information systems of the organization. The breaches of Cyber security are primarily caused by the misuse of information systems and failure to comply with cyber security measures. Cyber security non-compliance is a major concern for organizations. For effective compliance and human acceptance of cyber security technology and complying with cyber practices, it is essential to ascertain, research, and examine the factors which contribute to the compliance and implementation of cyber security. This study has utilized an enhanced UTAUT2 i.e. Unified Theory of Acceptance and Use of Technology 2 model and assessed its relationship with cyber security compliance. Five new formal and informal factors that affect cyber security compliance in organizations are identified and evaluated. The research questions addressed are: how the formal factors of technical measures; accountability; monitoring and evaluation impact employee's behaviour towards cyber security compliance. The study comprises a correlational survey of employees working at e-government organizations in Saudi Arabia. Results indicate that there is a significant role play by technical measures; accountability; monitoring and evaluation, on employee attitudes and behaviour towards cyber security compliance.

Despite a rich literature on technology adoption models and the role of their constructs on user behaviour towards technology adoption, assessing these models for cyber security compliance is lacking. Although some technology adoption constructs have significant impact on individual and organizational cyber security, but still applying these models for cyber security have not engrossed enough attention in information security literature. Some studies are available (Almaiah et al. 2019;Cuganesan et al. 2018;D'Arcy and Greene 2014;Hu et al. 2012;Liu et al. 2020;S. Raschid Muller and Mary L. Lind 2020; Simonova 2020) but their studies are biased towards some specific type of employees, groups, professions and factors.
There are seven key factors that are discussed by UTAUT2 model in order to explain behavioural intentions to adopt and use technology (Venkatesh et al. 2012)performance expectancy, effort expectancy, social influence, facilitating conditions, hedonic motivation, price value, and habit. Several studies revealed that in the consumer, organizational and individual context, UTAUT2 constructs are strong predictor for cyber security compliance behaviour.
Following is the available literature review of UTAUT2 constructs in relation with cyber security compliance.

Performance Expectancy
Performance expectancy refers to the belief that the use of technology in certain situations can be beneficial as it improves performance (Venkatesh et al. 2012). Studies with UTAUT as the theoretical framework have always shown that there is a statistically significant relationship between expected performance and user acceptance of the technology's behavioral intent Similarly, a study conducted by (Marshall, Mills, and Olsen 2008) in order to identify the effect of end-user training on the performance expectancy. The results reported that end-users' training about how to comply with the developed security policies has a positive relationship with the performance expectancy. In another study (S. Raschid Muller and Mary L. Lind 2020), relationship of PE is also proposed and validated with cyber security compliance.

Effort Expectancy
This construct indicates an individual's belief about the effort or ease associated with the use of technology (Venkatesh et al. 2012). Several studies have been conducted to validate and testify this construct for a relationship with behaviour, user intention, and compliance with the security. A result of the study conducted in the context of e-government state that there is a significant positive relationship between the effort expectancy and behavioural intentions of the users regarding e-government technologies (Krishnaraju, Mathew, and Sugumaran 2016).
Moreover, (S. Raschid Muller and Mary L. Lind 2020) assessed it of information assurance professionals but found non-significant relationship.
(Simonova 2020) conducted a non-experimental correlational research in order to investigate the UTAUT construct's effect on behavioural intentions to comply with the financial services' National Institute of Standards and Technology Cyber security Framework (NIST CSF), while targeting the participants from professionals of cyber security's financial services. The study's findings analyzed using multiple regression analysis using SPSS states that effort expectancy is a significant predictor of behavioural intention for compliance with the National Institute of Standards and Technology Cyber security Framework (NIST CSF) (Simonova 2020).

Social Influence
This factor is associated with the perceived value of the particular technology by the significant others including friend, family and other influencers (Chang 2012;Venkatesh et al. for the behaviour if other people are doing similar things and consistent with it. The authority rule for compliance state that people tends to comply the suggestions of persons who have more legitimate authority. Authority may be regarding a specific situation or more it may exercise general authority. The liking principle for compliance is that people generally comply with the request of those individuals whom they most like. Before asking for any favour or request, the target is engaged to like them. The liking can be increased by physical attractiveness, similarity, compliments, and cooperation. The scarcity rule for compliance is that one tries to get and secure the scares opportunities. There are varieties of techniques that can convert the power of scarcity to compliance (Cialdini and Goldstein 2004;Griskevicius and Cialdini 2010).

Facilitating Condition
Facilitating conditions are referred to as the perceived resources and facilities to an individual to perform a particular behaviour (Chang 2012;Venkatesh et al. 2012). This aspect also involves the support of an individual from various resources (Venkatesh et al. 2012). Studies show that unavailability or lack of proper resources can hinder students' performance on web-based technology and compliance of security protocols by the employees of an organization (Nanayakkara 2007). (Engotoit et al. 2016) researched the moderating effect of UTAUT model's constructs with the ATM users' behavioural intentions with fingerprint authentication at banks in Uganda. This was a cross-sectional field study wherein the data was collected from 211 participants of Uganda's ATM users for this quantitative kind of study. The data were analyzed using correlation and regression analysis. The results reported that facilitating conditions are strong predictors of behavioural intentions to comply with the fingerprint authentication policies of Uganda banks.
(Pahnila, Siponen, and Mahmood 2007) proposed a theoretical model in which they found that information quality had a significant effect on actual compliance, threat appraisal and facilitating conditions had a significant effect on attitude toward compliance, and sanctions and rewards did not influence intention to comply or actual compliance.
(S. Raschid Muller and Mary L. Lind 2020) stated that Facilitating conditions are not major factor for compliance for information assurance professionals but could be a significant construct for general public.

Hedonic Motivation
Hedonic motivation is explained as an intrinsic pleasure drive while adapting to technology (Chang 2012;Venkatesh et al. 2012). A number of researches has reported that hedonic motivation is also known as intrinsic motivation, directly impacts the technology adoption of the employees or individuals (Venkatesh et al. 2012). Moreover, (Brown and Venkatesh 2005) also find out that hedonic motivation is a significant predictor of technology use and behavioural intention for compliance with security policies. Additionally, (Yoo, Sanders, and Cerveny 2018) proposed a study to determine the influence of flow (which is a synonym of hedonic motivation) and psychological ownership on the security education, training, awareness, and compliance intention of the participants. To conduct this study, a survey methodology was chosen for data collection and the theoretical framework. The study results identified that intrinsic motivation or flow has a positive influence on the employees' security compliance intention.
In another study by (S. Raschid Muller and Mary L. Lind 2020), Hedonic Motivation is found to be a strong predictor of behavioural intention and thus have a significant impact on information security policy compliance. Similarly, (Lowry et al. 2013; Silic and Lowry 2020) also devised a non-significant relationship between security and hedonic motivation while working on their Hedonic-Motivation System Adoption Model (HMSAM).

Price Value
This factor is directed towards the users' perception related to the benefits of the application versus the monetary cost of its usage (Chang 2012;Venkatesh et al. 2012). In simple words, it means that the user's positive perception regarding the benefits of technology primarily impacts the intention of the user to bear the cost of a particular technology. So, this is a cost-benefit analysis by the user, which subsequently affects the user's usage intention regarding a technology (Venkatesh et al. 2012). (Chen, Ramamurthy, and Wen 2012) identified that reward is a beneficial technique to promote the employees' compliance behaviour. They argued that deterrence or penalties are sometimes ineffective in preventing the non-compliance behaviour of the employees.
However, rewards have a substantial effect in the direction of the employees' positive intentions regarding compliance with security policies.
Similarly, (S. Raschid Muller and Mary L. Lind 2020) in their studies concluded that in organizational environment, this construct has no major impact on compliance, but in individual capacity, this can be a strong predictor. As in organizational environment, the individuals have no concern with the cost implications as they are not paying the cost. On the other hand, cost or price value is a very strong predictor for compliance for organizations due to price of non-compliance or legal or regulatory issues (Haji-Tajuddin 2016;Hofbauer et al. 2019).

Habit
This construct relates to technology's automatic usage because of the habit (Venkatesh et al. 2012). It can also be conceptualized as the performance of an act based on an individual's prior experience. This is because, after extended use of technology, it becomes a habit that may be referred to as a well-learned action sequence that is stimulated based on some environmental cues (Sommestad, Karlzén, and Hallberg 2019) studied the relationship between the theory of planned behaviour and information security compliance. The hypothesis was tested using 645 white-collar workers; the data were recruited using random sampling and analyzed using correlation and regression analysis. The research results suggested that habit was one of the strongest predictors of information security policy's compliance. In the study performed by (S. Raschid Muller and Mary L. Lind 2020), habit is also a strong predictor of behavioural intention for ISP compliance but only hypothesized for information assurance professionals.

Behavioural intention
Niehoff et, al. in their study of the role of organizational behaviour in information system success, they found that organizational citizenship behaviour (OCB) ultimately leads to the effectiveness of ISS and OCB can improve individual and organizational compliance with information security policies which leads to success in information systems operations (Yen, Li, and Niehoff 2008). Similarly, gender, age, education, and years of work are essential for compliance with security policy (D'Arcy and Herath 2011; Herath and Rao 2009). Choi et al. (2018) find out in their study of Information Systems Security (ISS) of E-Government for Sustainability, that ISS breaches are becoming the norm rather than the exception, but ISS can only be achieved when employees fully and firmly embrace the concept by changing their behavior to comply with advanced ISS technologies (Choi, Lee, and Hwang 2018). They concluded that employees' behaviour directly relates to effective ISS compliance. The institutionalization of cyber security policies in practice encourages employees to adopt policies that make their behaviour more compliant.
Another primary reference to this relationship between cyber security compliance and In (Sohrabi Safa, Von Solms, and Furnell 2016) the authors state that sharing information security knowledge, collaboration, intervention, and expertise significantly affects employee attitudes towards compliance with organizational information security policies. Additionally, the results showed that personal commitment and norms influence employee attitudes. Also attitude towards compliance with information security policies of an organization strongly influences the behavioural intentions associated with compliance with information security requirements.
From the above studies, we have found that technology adoption factors are in one way or the other related to cyber security compliance. Therefore, it can be stated that Cyber security compliance, in a broader sense, is the adoption and acceptance of new technologies (AlQahtani and Braun 2020; Avina et al. 2017).
It is also pertinent to mention that most of the studies are either biased towards a specific factor, profession, group of people or domain. Similarly, from the literature, we have also devised that there are certain other formal and informal factors that also have significant influence on cyber security compliance. These are technical controls/ measures, accountability and monitoring and evaluation as formal factors, while organizational commitment and end-user awareness are informal factors.
In the next section, we have stated our proposed factors for cyber security compliance and further validated them through surveys and questionnaires.

Proposed Model
In developing the hypothesis to be tested, a detailed study of the prior literature on cyber security compliance, user behaviour towards cyber security compliance, UTAUT2 constructs and its relation to cyber security compliance is carried out. Literature posits that cyber security compliance can also be influenced and impacted by technical measures/ controls; accountability; monitoring and control; organizational commitment; and end-user awareness. In this study, we are focusing only on the formal factors. The informal factors will be discussed and validated in another study.
The below figure (Figure 1) is an abstract of our proposed enhanced UTUAT2 model for cyber security compliance.
In the next sections, proposed new factors are discussed in detail and validated for cyber security compliance. Technical security measures help in ensuring compliance towards protecting the information systems. In other words, we can state that technical controls are the major way to enforce and provide conditions towards security compliance. These can be explained through some examples.
Let suppose an organization has deployed a Data Loss Prevention (DLP) solution and a policy is enforced technical on the DLP that any document with Secret or Confidential Label will not leave the organization by any means like, not be printable, not being sent through email not copied to any removable media, not able to upload to any internet or cloud storage. Suppose an employee intentionally or unintentionally tries to send that document to someone outside the organization through email. When the employee selects the document to attach to email, the DLP solution detect the label and stop the process by warning the employee that this is against the security policy. In this way the employee willingly or unwillingly complies with the policy. The above example is a way to comply with a policy like "A prohibition on transferring sensitive data to another device not in compliance with the policy." Another example is, suppose the organization have a policy that the document/ data with Secret label at rest will be encrypted with AES-256-bit encryption. When the user/ employee creates a file with a secret label, the underlying security control for encryption will ask a key from the user for encryption. Now either willingly or not, the user has to supply a key for encryption. Thus, making enforced compliance.
Although these controls are most of the times not accepted willingly by the employees and creates stress but on the other hand makes the employees to comply with security policy. To investigate and test this factor further, following hypothesis are formulated: H1: Automatic Enforcement of Security Controls foster increase intent to comply with cyber security policy.
H2: Technical Security Controls are more helpful in following of security policies and compliance

Accountability
A promising way to change user behavior is through accountability. In other words, accountability is defined as "using pressure implicitly or explicitly to justify our beliefs and actions in front of others" This though of accountability will deter him to proceed with the task not complying with organizational policy.
To investigate and test this factor further, following hypothesis are formulated: H3: Increased perceptions of accountability by employees deter security controls and policy violations H4: Accountability is a significant predictor of compliant behavior among participants.

Monitoring and Control
Evaluation is the belief that "according to some basic rules, the performance of an individual will be evaluated and assessed by another individual and has some implied consequences" (Lerner and Tetlock 1999, p. 255). In particular, most of the information used in the assessment and evaluation comes from the monitoring process, therefore they are complementing each other. Monitoring is the process of observing and tracking a person's actions (manually or automatically) (Boss and Kirsch 2007; Griffith 1993). Therefore, our research has two foundations: (1) the organization tracks and observes (monitoring) a person's behavior (2) The person expects to be judged on the basis of observed or recorded behavior.
Research has shown that evaluation awareness improves socially desirable and acceptable behavior Monitoring and Control or in other words Monitoring and evaluation is another strong predictor of cyber security compliance. This construct is directly related to accountability, because without strong monitoring and evaluation mechanisms, the accountability cannot be enforced. If individual's perception of accountability is strong and observed by the individual, then the compliance behaviour will be strong.
For example, those who are aware of monitoring and evaluation, know that their work and behavior may be directly or indirectly observed by others, especially in the case of non-compliance and misconduct at work, i.e., by not following the cyber security policy requirements, will try their best to follow the policy.
Monitoring and evaluation can be used in the context of cyber security compliance as an effective way to support and facilitate security compliance. When such monitoring and evaluation is part of the regular IT and security management, such monitoring and evaluation is effective and makes insiders expect that they are being monitored for their actions towards compliance. Monitoring, evaluating and performing system audits are also used effectively to ensure compliance with data protection laws. To investigate and test this factor further, following hypothesis are developed based on literature review: H5: Monitoring and Evaluation that foster identification and accountability will increases socially desirable behaviours towards compliance.
H6: Monitoring and Evaluation decrease intent to commit cyber security policy violations.

Research Methodology
The present study utilized (Venkatesh et al. 2012) UTAUT2 model to find the relationship between technology adoption and cyber security compliance. In this specific document, the major UTUAT2 constructs are not directly assessed through survey but only three of the proposed factors, i.e., technical controls/ measures, accountability and monitoring and evaluation are assessed. In this study, we are focusing on the impact of these factors specifically on compliance. Other affects that are caused by these measures like stress, lack of motivation etc. are not part of this study.

Research Design
The research has used quantitative design undertaking survey method. Correlational study design is used in the research to find out the impact of independent variables (i.e., technical control/measures, accountability and monitoring and control) on dependent variables (i.e., compliance). (Salkind 2012) stated that "the correlation research method finds out the relationship between two or more variables."

Data Collection and Participants
A survey method was used to test our proposed model, a single survey was conducted for this study. The survey covers the three formal factors that influence cyber security compliance. Survey Monkey was used to develop the survey and distributed via different channels, i.e., WhatsApp, Emails, Facebook Messenger.
All the participants were working professionals from e-government organizations from Saudi Arabia. The questionnaires were distributed among almost 300 applicants, and 182 complete questionnaires were obtained, reflecting a response rate of 61%. So, the total data is taken from 182 participants (male = 131, females = 51) from diverse socioeconomic background. From the participants 72% were male and rest of 28% participants were females. 52.7 % of the participants were aged between 20-39. All of the participants have received at least graduation level education. Additionally, most of the participants (71.1 %) had more than five years of work experience belonged to IT/ Telecom field (64.7%). The participants were enrolled using mixture of purposive random sampling along with snowball sampling wherein, the initial participants were approached using referrals and then they were asked to refer further participants.
Furthermore, no inclusion and exclusion criterion were set other than the inclusion of the only participants working in e-government organizations in Saudi Arabia.

Procedure
First of all, the permission was taken to conduct this research from the university dean. After that consent form from the participant was also signed besides briefing them about the purpose of research. The participants were assured about the confidentiality of their data. The data was collected using online platform administering a questionnaire which was divided into three sections; research debriefing and consent form, demographic sheet and final questionnaires. The detailed overview of the questionnaire is given in the "Measures" section. These questionnaires were shared with the participants and they were asked to send back the filled questionnaire as soon as possible. Aside, the participants were also asked to only be part of research if they are willing to be. They were also requested to provide completed questionnaire and sincere responses without any kind of bias. Moreover, the participants were also asked to refer more participants for the research. The participants were administered four types of primary questionnaire along demographic sheet; technical control, accountability, monitoring and control and compliance. The statistical analysis is done using latest version of SPSS (version 24). The final results of the tests are described in detail under Result section along with a thorough discussion over them.

Ethical Considerations
The research was exactly done being within the boundaries of National Guideline Regarding Research Ethics in Saudi Arabia mentioned in book Research Ethics in Arab Region by (Silverman 2017). The current research is ethically approved especially because it doesn't include any human or animal harm. It also doesn't hurt any emotion or sentiments of Muslims. The permission from corresponding bodies is also taken to make this research ethically approved. Furthermore, the confidentially and privacy of the participant will be never breached. The data provided by the participants will be secured for 5 years and after that it will be discarded.

Statistical Analysis
For analysis of the data Statistical Package for Social Sciences version 24 was used. First of all, the data was exported from the questionnaire and entered into the SPSS. The coding for reverse item was redefined. The mean score of each scale was collected by adding up all of the items score and dividing by total number of items of the respective scale. High scores on Technical Measures, Accountability, Monitoring and Control and Compliance scales shows high level of corresponding phenomenon. The data was firstly run for descriptive statistics along with detailed output of outliers. The data met all of the assumptions of running a parametric test along with the normal distribution of data, depicted by absence of abnormal outliers. After that, "Pearson Correlation Coefficient" was employed on the data to find out the correlation. "Multiple Hierarchical Linear Regression" was also applied on the data to further validate the correlation results. The descriptive statistics included mean, standard deviation, frequencies and percentages, skewness and kurtosis of the demographic variables. Reliability analysis of the data was also done which was found satisfactory. The alpha level is set at α .05 in this study.

Measures
There were three basic sections of questionnaire: research debriefing and consent form, demographic sheet and final questionnaires. The first section briefed about the research's purpose and required a sign for consent to be participant of the research (See Appendix 1). The second section was referred to the demographics wherein various questions were asked regarding field and history of participant. The third was the main section of the questionnaire which included four questionnaires: technical control, accountability, monitoring and control and compliance. Each of them is described in detail below.

Demographic Sheet
The demographic sheet included 7 questions to inquire about the participant's age, gender, job position, organization, level of education, size of organization and work experience. This section was important to collect data about the general background of the participant to report about the field and other specific information of the participant so that research can be generalized accordingly (See Appendix 2).

Technical Control/ Measure
In the second section the questionnaire was about technical control and measures. The questionnaire consisted of 12 total items having same format of response. It is a 6-point Likert type scale wherein the answer to the question ranged from "Strongly Agree" to "Strongly Disagree". In SPSS "strongly agree" was codded as "6", "agree" as "5", "somehow agree" as "4", "somehow disagree" as "3", disagree" as "2" and "strongly disagree" as "1". For scoring there is not any kind of cut off scores and the technical measures' score is gauged from mean number, i.e., responses to the items will be summed up and divided with the number of items that is 10, to yield the final score. The questionnaire was in English language because the participants were from educated and belonged to different fields hence it was easy for them to answer the questions in English. High scores on this scale depicts strong implication and compliance with technical measures. Moreover, the items of the questionnaire were inclined to inquire about the participant's views about technical control and measures and the technical measures implemented in the corresponding companies to whom the participants were affiliated with. Finally, the reliability of this scale is tested using Cronbach's Alpha score that were 0.78 which means a high reliability (See Appendix 3).

Accountability
The second questionnaire is about accountability of the participants by their corresponding company.
This questionnaire consisted of pool of 15 items, having same format of response. The ranging and markings were same as other factors. The items of the questionnaire were inclined to inquire about the participant's views about accountability and if comply with the policies out of fear of accountability? So that the impact of accountability's fear can be gauged on compliance behavior of the participant. Finally, the reliability of this scale is tested using Cronbach's Alpha score that were 0.67 which means a good reliability (See Appendix 4).

Monitoring and Control
The third questionnaire inquiries about the monitoring and controlling employed on participant by their company, in order to find out the impact of monitoring and controlling on compliance behavior of the participant. This questionnaire consisted of pool of 10 items, having same format of response. The items of the questionnaire were inclined to inquire about the general view of the participants regarding monitoring and control along with the specific level of monitoring and control administered over them by their company. Finally, the reliability of this scale is tested using Cronbach's Alpha score that were 0.72 which means a moderate level of internal consistency of the scale (See Appendix 5).

Compliance
The fourth and final questionnaire is about Compliance. This will measure the scores of dependent variables. This questionnaire consisted of pool of 10 items, having same format of response. High scores on this scale depicts high level of compliance behavior of the participants with cyber security policies of their company. Finally, the reliability of this scale is tested using Cronbach's Alpha score that were 0.83 which means a high level of reliability with highest internal consistency related to the other used scales (See Appendix 6).

Technical Controls/ Measures
To investigate and validate this factor, following hypotheses were formulated: The existing literature also support the current findings of the research.

Accountability
The following hypotheses were hypothesized:

H3. Increased perceptions of accountability by employees deter security controls and policy violations
H4. Accountability is a significant predictor of compliant behavior among participants.

Monitoring & Control
The following hypotheses were hypothesized: H5. Monitoring and Control are significantly related to compliance.

H6. Monitoring and Control predicts the compliant behavior among participants.
These hypotheses were also supported by the results of PMCC and Multiple Hierarchical Linear Regression. The result of PMCC indicated that monitoring and control has significant relationship with policy compliance among participants. Similarly, Multiple Hierarchical Linear Regression also evidenced that monitoring and control is a weak predictor of compliant behavior among participants, thus rejecting null hypothesis.
The existing literature also have evidenced that monitoring and control has relationship and predicts compliance with policies by the employees. (Balozian and Leidner 2017) carried out research to identify the factors effecting the employee's behavior of compliance. The researchers found that monitoring and control were one of the factors that strongly effects the compliance behavior of the employees regarding security compliance. The variance of relationship strength between the cited research and the current research may be due to difference of context and geographical location where the research has been complied. Because the cited research is done among participants of western culture, while the current research has been done in the Saudi Arabian cultured companies and employees.

Theoretical and Practical Contributions
This study poses a number of theocratical and practical contributions towards user's cyber security compliance behaviours in organizations.
In theory, the study contributes to cyber security compliance by identifying new factors that directly impact user behaviours and attitude towards cyber security compliance. The authors identified and established that technical measures, accountability and monitoring and control have a significant impact on cyber security compliance in organizations. This will help organizations and governments to device strategies based on these factors for effective cyber security compliance for preventing security and data breaches.
This research demonstrates practical contribution on how to maintain effective cyber security compliance in public organizations by two ways. First, to identify and establish a strong relationship between the identified factors and cyber security compliance. Second, developing a preliminary framework for effective cyber security compliance based on the factors that affect cyber security compliance. It offers organizations and governments the opportunity to better plan cybersecurity strategies and cybersecurity investments. This can be done by focusing on the important factors that directly affect employee's security compliance and enhance e-government security in public sector organizations. When organizations know the crucial factors that affect cyber security compliance, they can create a supportive environment in which the employees will nurture effective security compliance.

Conclusion and Future Work
The aim of this research was to identify the factors that influence user behaviour towards cyber security compliance. For this purpose, five factors ─ Technical Controls/ Measures; Accountability; Monitoring & Control; Organizational commitment; and End User Awareness ─ were identified from literature and assessed for cyber security compliance in e-government organizations in Saudi Arabia. Several hypotheses were formulated and assessed through statistical analysis with the data collected through surveys and questionnaires. The participants were professionals from E-Government organizations in Saudi Arabia.
From the results, it has been found that technical security controls are helping users to follow organizational security policies, thus fostering cyber security compliance. Similarly, accountability has a significant impact of users towards cyber security compliance and increased perceptions of accountability by employees deter security controls and policy violations. It is also evidenced that monitoring and control has relationship and predicts compliance with policies by the employees. These are one of the factors that strongly effects the compliance behavior of the employees regarding security compliance.
By considering these factors, organizations and governments can better plan their cyber security strategies and cyber security investments. This can be accomplished by focusing on the key factors that directly affect employee security compliance and improve e-government security in public sector organizations.
Once organizations understand the key cybersecurity compliance factors, they can create an enabling environment in which their employees can develop effective security compliance.
In future work, the remaining factors ─Organizational commitment and End user awareness─ will be assessed in the context of E-Government organizations in Saudi Arabia. These factors will also be assessed for stress inducing in employee and effects on user productivity.

Declarations Ethical Approval and Consent to Participant
The ethical approval application was submitted to The University of Technology Sydney and obtained. The application included all the required consent to participant forms.

Consent to Publication
The consent to publication was obtained within the ethical approval application.

Availability of Data Materials
The data will be accessible by the researcher and his supervisor only and stored within the university polices.