Culture in higher education: An empirical analysis of employee perceptions and behavioural outcomes in the UAE.

This study explores the relationship between cybersecurity culture and employee behaviour in higher education institutions (HEIs) in the United Arab Emirates (UAE), using a cross-sectional, mixed-methods approach. The sample comprised 246 employees across faculty (43.5%), administrative staff (48%), and management (8.5%) roles, with varying levels of experience and technical readiness. Quantitative analyses revealed that perceived cybersecurity culture was the most significant predictor of behaviour (Spearman’s ρ = 0.62, p = 0.003), with behaviour scores ranging from 37.91 in “Developing Culture” contexts to 75.98 in “Exemplary Culture” settings. ANOVA results indicated significant differences in behaviour across role (F(2,83) = 5.72, p = 0.009) and experience levels (F(5,79) = 3.94, p = 0.021), with early-career staff scoring the lowest. Best practice adherence further explained behavioural variance (F(5,79) = 9.84, p < 0.001). Qualitative analysis identified three core challenges: restrictive system controls, outdated training, and leadership disengagement. These findings highlight the behavioural and contextual drivers of cybersecurity and emphasize the need for culture-first strategies that align institutional norms, communication, and leadership modelling with digital security objectives.