In the information technology era, the banking industry must compete in an external environment characterized by high levels of uncertainty, complexity and change. Accidents in high-risk manufacturing organizations are generally related to safety studies. The researcher attempted to study "accidents" due to network vulnerabilities in IT-based organizations using the safety concept. This qualitative study is important because it provides analysis of IT support for organizational development. This study used multi-case study and grounded research approaches. The process of developing an information safety climate is considered an alternative solution other than technology. The study revealed that normal accident theory can be used to explain accidents in IT-based organizations. The process of developing an information security climate in banking organizations is categorized as the emergency type. The manifestation of information safety climate is attentiveness, accountability, ethical sensitivity, integrity and sustainability. Phases that need to be undergone in cultivating the safety climate are: adaptation, learning, awareness to risk, and resilience. Thus, it can be concluded that the climate of an IT-based organization is different from the climate of a non technology-based organization.

banking organization; information; safety; security climate

Ahlan, A. R., Lubis, M., & Lubis, A. R. (2015). Information security awareness at the knowledge-based institution: Its antecedents and measures. Procedia Computer Science, 72, 361–373. doi: http://doi.org/10.1016/j.procs.2015.12.151

Arachchilage, N. A. G., & Love, S. (2014). Security awareness of computer users: A phishing threat avoidance perspective. Computers in Human Behaviour, 38, 304–312. doi: https://doi.org/10.1016/j.chb.2014.05.046

Baskerville, R. & Siponen, M. (2002). An information security meta-policy for emergent organizations. Logistics Information Management, 15(5/6), 337-346. doi: https://doi.org/10.1108/09576050210447019

Bulgurcu, B., Cavusoglu, H.,& Benbasat, I. (2010). Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), 523-548.

Castiglione, N. D. (2002). “My social security number is”: Some common sense ways to fight identity theft. ABA Banking Journal, 94(12), 57-59.

Chan, M., Woon, I., & Kakanhalli. (2005). Perceptions of information security at the workplace: Linking information security climate to compliant behavior. Journal of Information Privacy and Security, 1(3), 18-41.

Dang-Pham, D. Pittayachawan, S., & Bruno, V. (2015). Factors of people centric security climate: Conceptual model and exploratory study in Vietnam. Paper presented at The 26th Australasian Conference on Information Systems. University of South Australia, Adelaide.

Dhillon, G., & Backhouse, J., (2001). Current directions in IS security research: Towards socio‐organizational perspectives. Information Systems Journal, 11(2), 127-153. doi: https://doi.org/10.1046/j.1365-2575.2001.00099.x

Dlamini, M. T., Eloff, J. H. P., Elff., M. M., (2009). Information security: The moving target. Computer & Security, 28, 189-198. doi: https://doi.org/10.1016/j.cose.2008.11.007

Franke, V. (2011). Strategic decision-making under uncertainty : Using case studies for teaching strategy in complex environments. Journal of Military and Strategic Studies, 13(2), 1–21.

Glendon, A.I. & Stanton, N.A. (2000). Perspective on safety culture. Safety Science, 34(1-3), 193--214. doi: https://doi.org/10.1016/S0925-7535(00)00013-8

Goo, J., Yim, M.-S., & Kim, D. J. (2013). A path way to successful management of individual intentions to security compliance: A role of organizational security climate. Paper presented at Hawaii International Conference on System Sciences.

Graham, J.R., & Harvey, C.R. (2001). The theory and practice of corporate finance: Evidence from the field. Journal of Financial Economics, 60(2), 187-243. doi: https://doi.org/10.1016/S0304-405X(01)00044-7

Griffin, M.A., & Neal, A. (2000). Perceptions of safety at work: A framework for linking safety climate to safety performance, knowledge, and motivation. Journal of Occupational Health Psychology, 5(3). 347-358. doi: https://doi.org/10.1037//1076-8998.5.3.347

Grote, G. (2007). Understanding and assessing safety culture through the lens of organizational management of uncertainty. Safety Science, 45(6), 637-652. doi: https://doi.org/10.1016/j.ssci.2007.04.002

Hiller, J. S. (2010). The regulatory framework for privacy and security. In J. Hunsinger, L. Klastrup, & M. Allen (Eds.) International Handbook of Internet Research (pp. 251–265). Dordrecht: Springer.

Ilvonen, I.(2011). Information Security Culture or Information Safety Culture-What do words convey? Paper presented at the 10^th European Conference on Information Warfare and Security, The Institute of Cybernetics at the Tallinn University of Technology, Tallinn, Estonia. Academic Confereeces International Limited, 148-154.

Jaafar, I.N.,& Ajis, A. (2013). Organizational climate and individual factors effects on information security compliance behaviour. International Journal of Busines and Social Science, 4(10), 118-130.

Kaleem, A. & Ahmad, S. (2008). Bankers’ perception of electronic banking in Pakistan. Journal of Internet Banking and Commerce 13(1), 1-16.

Kamp, J. (2001). It’s time to drag behavioral safety into the cognitive era. Professional Safety, October, 30-34.

Nasution, M, F, F, A. (2012). Institutionalization of information security: Case of the Indonesian banking sector (Unpublished doctoral dissertation). Virginia Commonwealth University, Richmond, Virginia.

Reason, J. (2000). Human error: Models and management. BMJ, 320(7237), 768-770. doi: https://dx.doi.org/10.1136/bmj.320.7237.768

Saint-Germain, R. (2005). Information security management best practice based on ISO/IEC. 17799. The international information security standard provides a framework for ensuring business continuity, maintaining legal compliance, and achieving a competitive edge at the core. Information Management Journal, 39(4). 60-62.

Schou, C. D., & Trimmer, K. J. (2004). Information assurance and security. Journal of Organizational and End User Computing, 16(3), 1-13.

Shrivastava, S., Sonpar, K., & Pazzaglia, F. (2009). Normal Accident Theory versus High Reability Theory: A resolution and call for an open system view of accidents. Human Relations, 62(9), 1357-1390. doi: https://doi.org/10.1177/0018726709339117

Stanton, J.M., Stam, K.R., Mastrangelo, P., & Jolton, J. (2005). Analysis of end user security behaviors. Computer & Security, 24(2), 124-133. doi: https://doi.org/10.1016/j.cose.2004.07.001

Vroom, C., & Von Solms, R. (2004). Towards information security behavioural compliance. Computers & Security, 23(3), 191-198. doi: https://doi.org/10.1016/j.cose.2004.01.012

Willig, C. (2008). Introducing qualitative research in psychology (2nd ed.). Berkshire: Open University Press.

Zacharatos, A., Barling, J., & Iverson, R. D. (2005). High-performance work systems and occupational safety. Journal of Applied Psychology, 90(1), 77–93. doi: http://doi.org/10.1037/0021-9010.90.1.77