Nowadays, it becomes clear that information security is one of the most basic issues that organizations need to focus on. Despite huge investments made by companies to keep their information systems safe, there are many information security breaches that infiltrate companies’ systems and consequently, these cost their reputation, affect customers’ confidence, and bring huge financial losses. Ethiopian companies are not immune to this security problem and there are many signs of information security breaches. The literature suggests that almost all investments in information security related issues are for technological solutions. However, this type of solutions alone does not work well, and according to some researchers, there is one significant element that has been given very little attention, the human factor. Most of the information security breaches are caused by employees who are the legitimate users of the company’s systems. So “how can we counter the illegal action of our own employees?” is the main objective this study tried to address. The findings showed strong evidence on the influence of contextual factors, national culture, on employees’ information security behavior and consequently it highlight the importance of taking some level of precaution when organizations introduce new policies or standards that are copied from abroad. Policy makers and ISS managers in Ethiopia, particularly at Information Network Security Agency (INSA), can learn how important it will be to modify or adapt their ISP, which was copied from ISO 27002, based on the findings of this study.

Keywords: Contextual factors, national culture, employees’ information security behavior, Financial Institutions, Information Systems Security