Impact of employees’ demographic characteristics on the awareness and compliance of information security policy in organizations

•This paper used demographic factors to develop profiles of employee awareness and their intention to comply with the PDPA.•Age, working industry and education levels have significant effects on information security policy awareness and compliance.•The findings are valuable in organizations’ plan to manage employee compliance level. To protect consumer information, many countries have begun enforcing the Personal Data Protection Act. Organizations are required to comply with this Act, failure of which may result in hefty penalties. To ensure compliance, some organizations have introduced their own information security policy to protect consumer information. A review of the literature shows that many employees are either unaware of the policy or tend to ignore it, which increases the risk of non-compliance. To help organizations manage compliance among their employees, in this study, we used demographic factors to develop profiles of employees’ policy awareness and their intention to comply. By having an understanding of employee profiles, effective and targeted strategies can be devised to educate employees accordingly. Our data from 607 respondents show that age, working industry and education levels have significant effects on information security policy awareness and compliance.