Driving Information Security Excellence in the AI Era: Examining the Dual Influences of Management Commitment and Employee Involvement

As Artificial Intelligence (AI) reshapes the cyber threat landscape with sophisticated automated attacks such as generative AI phishing and deepfake deception, organizations are compelled to shift from reactive defense to systematic proactive information security governance. This study explores the dual differentiated impacts of top-down management commitment and bottom-up employee involvement on enterprise information security management outcomes. Adopting a quantitative approach, we use structural equation modeling (SEM) to empirically test the theoretical model with valid survey data from 423 employees in technology-intensive and information-sensitive sectors—where AI-driven security risks are most prominent. The findings delineate distinct functional paths for the two factors: management commitment serves as a foundational structural driver, effectively facilitating the implementation of formal proactive security management and safe reporting climate mechanisms; employee involvement acts as a pivotal catalyst for dynamic security resilience, being the primary driver of proactive security management (including threat hunting and preemptive anomaly detection) and the cultivation of a psychologically safe reporting climate. Further, the study verifies that reporting climates play a critical serial mediating role in the transmission from organizational antecedents to individual security cognition, acting as key bridges to enhance employees’ AI security awareness. Collectively, these results confirm that technical defensive measures alone cannot address the complex and evolving AI-driven cyber risks; human-centric organizational factors rooted in genuine management commitment and meaningful employee participation are indispensable core elements for organizations to build a resilient digital defense system and mitigate such risks effectively.