Mba Thesis Esami
(ESAMI)
OCTOBER 2022
DECLARATION
I, James Kateete, uphold that I am the author of this thesis. During the period of my academic
stay at ESAMI, it is a reflection of my original research work carried out by myself under the
supervision of Dr. Caiphas Chekwoti. All academic work borrowed to support this study has
been outrightly acknowledged and has been duly referenced. I further add that this area of
study is the first of its kind and has not been previously used for any academic awards at ESAMI
and other institutions of higher learning.
Date ……………………………………….
Supervisor ……………………………………….
Date ……………………………
APPROVED
Date …………………………………………………
DEDICATION
I offer this piece of work as a token of appreciation to my Creator, secondly to my wife and
children, to my late father Paul K Mukasa, and my mothers, Ruth Mukasa and Miriam
Nabasaku under whose instruction I have come up.
ACKNOWLEDGEMENT
I am most grateful to my Creator. My deepest thoughts of gratitude are with Dr. Caiphas
Chekwoti, Ph.D. Head of Trade Policy Training Centre in Africa – trapca. His challenging
advice was always crucial in refining my thoughts. His approachability allowed me a measure
of opportunity to engage in a consultation-continuous process throughout this study.
I am also grateful to all my classmates (Intake 42) who stood with me, at the time when it was
very trying for myself and family as I was in bed struggling with Covid-19 and at the same
time my father had been admitted and later departed on the 20th of June 2021. I will always
remember the supporting and encouraging telephone calls you all made which gave me a lot of
resilience. To you Yvonne Tumuheirwe at the time when I lost my father you came in handy
when you directed me to a funeral service company of professionals whose services were
excellent and gave me time to rest.
Umar Mulumba and Maama Ruth Nakibiranga Mukasa, Mr. & Mrs. Kinene, Mr. & Mrs.
Kalemeera, Mr. & Mrs. Walugembe, Uncle Edward Kajjoba, Sarah Namuwonge & Sister
Namazzi Racheal, a special thank you for looking after my dad at a time when he sought my
support and he couldn’t get it, but you stepped in for me. I am highly indebted to you.
There are people who intellectually inspired me: Dr. Edward Silvestre, Kaweesi of the
department of political science at Makerere University for accepting to be my mentor and
adviser, Associate Prof. Phillip Kasaija of Makerere University. Thank you very much.
Special appreciation to you, dearest Maureen Kateete, for taking good care of our children:
Gideon, Benjamin and Paul during my long absence. Your prayers and patience have not been in
vain. I love you so dearly.
To the entire ESAMI Business School Team both in Kampala and Arusha, I say thank you very
much for the support. Every time I reached out to you for academic assistance you responded timely
and in a professional manner. The level of academic tolerance you offered to me as an individual
student will never leave my mind. I appreciate you so much.
Lastly, to you my dearest friend Grace Natukunda of the OAG office, your tireless efforts to
see me academically succeed were a sign of deep-rooted affection. I appreciate everything you
have done for me and you are always on my mind.
TABLE OF CONTENTS
DECLARATION
APPROVED
DEDICATION
ACKNOWLEDGEMENT
LIST OF TABLES
LIST OF FIGURES
LIST OF ABBREVIATION /ACRONYMS
ABSTRACT
CHAPTER ONE: INTRODUCTION
1.1 Introduction
1.2 Background
1.3 Problem statement
1.4 Purpose of the study
1.5 Specific Objectives of the study
1.6 Research questions
1.7 Research Assumptions
1.7.1 Scope of the Study
1.8 Significance of the study
1.9 Justification of the study
CHAPTER TWO: LITERATURE REVIEW
2.1 Introduction
2.2 Theoretical Review
2.3 Implementation of basic security measures and business performance
2.3.1 Security policies and business performance
2.3.2 Security awareness/training and business performance
2.3.3 Management support to security team and business performance
2.4 Conceptual framework
CHAPTER THREE: RESEARCH METHODOLOGY
3.1 Introduction
3.2 Definition of variables
3.2.1 Business performance
3.2.2 Implementation of basic security measures
3.2.3 Management support to security teams
3.2.4 Security policies
3.2.5 Security awareness/training
3.3 Measurement of Variables
3.4 Research Design
3.5 Study Population
3.6 Sample Size Determination
3.7 Sampling Techniques
3.7.1 Simple Random Sampling
3.7.2 Purposive Sampling
3.8 Data Collection Methods
3.8.1 Questionnaire Survey
3.8.2 Interview
3.9 Data Collection Instruments
3.9.1 Questionnaire
3.9.2 Interview Guide
3.10 Validity and Reliability of Research Instruments
3.10.1 Validity of Research Instruments
3.10.2 Reliability of Research Instruments
3.11 Data Collection Procedure
3.12 Data Processing and Analysis
3.12.1 Quantitative Data Analysis
3.12.2 Qualitative Data Analysis
CHAPTER FOUR: PRESENTATION AND INTERPRETATION OF FINDINGS
4.1 Introduction
4.2 Response Rate
4.3 Demographic Characteristics of Respondents
4.3.1 Respondents by Gender
4.3.2 Demographic Characteristics of Respondents
4.3.3 Respondents by Marital Status
4.3.3 Representation of Respondents by Age
4.3.4 Educational Levels
4.4 Empirical findings in line with the study's goals
4.4.2 Business performance of Maersk Agency Uganda Limited
4.4.2 Security policies and business performance of Maersk Agency Uganda Limited
4.4.2.1 Correlation between security policies and business performance of Maersk Agency Uganda Limited
4.4.3 Security training and awareness and business performance of Maersk Agency Uganda Limited
4.4.3.2 Correlation between security training /awareness and business performance of Maersk Agency Uganda Limited
4.4.4 Management support to security team and business performance of Maersk Agency Uganda Limited
4.4.4.2 Correlations between management support to security team and business performance of Maersk Agency Uganda Limited
CHAPTER FIVE: SUMMARY, DISCUSSION, CONCLUSIONS AND RECOMMENDATIONS
5.1 Introduction
Discussion of the study findings
5.2.1 Security policies and business performance of Maersk Agency Uganda Limited
5.2.2 Security training/ awareness and business performance of Maersk Agency Uganda Limited
5.2.3 Management support to security team and business performance of Maersk Agency Uganda Limited
5.4 Conclusions
5.4.1 Security policies & business performance of Maersk Agency Uganda Limited
5.4.2 Security training/ awareness and business performance of Maersk Agency Uganda Limited
5.4.3 Management support to security team and business performance of Maersk Agency Uganda Limited
5.5 Recommendations
5.6 Areas for further research
REFERENCES
APPENDIX A: Questionnaire
APPENDIX B: Interview Guide for Key Informants
LIST OF TABLES
Table 4.1: Response Rate
Table 4.5: Correlation Results for information distribution and stakeholder commitment
Table 4.7: Correlation Results for security training /awareness and business performance
Table 4.9: Correlation Results for management support to security team and business performance
LIST OF FIGURES
LIST OF ABBREVIATION /ACRONYMS
IT – Information Technology
IS – Information Security
ABSTRACT
The study was intended to determine the impact of basic security measures on the business
performance of Maersk Agency Uganda Limited. It also investigated the impact of basic
security measures on the business performance of Maersk Agency Uganda Limited.
Specifically, it examined the effect of security policies on the business performance of Maersk
Agency Uganda Limited; found out the effect of security training and awareness on business
performance of Maersk Agency Uganda Limited; and established the effect of management
support to security team on business performance of Maersk Agency Uganda Limited. The study
utilized a cross-sectional survey research design that included quantitative and qualitative methods.
The study sample consisted of 116 respondents. Both simple random sampling and purposeful
sampling were utilized. Data collection methods included interviews and questionnaires. The
linear link between the study variables was determined using Pearson’s correlation coefficient.
The research revealed a weak significant positive correlation between security policies and
business performance of Maersk Agency Uganda Limited (r = .413**, p < 0.05); a moderate
significant positive correlation between security training /awareness and business performance
of Maersk Agency Uganda Limited (r = .510**, p < 0.05); and a weak significant positive
correlation between management support to security team and business performance of Maersk
Agency Uganda Limited (r = .343**, p < 0.05). From the findings, it was concluded that security
policies, security training /awareness and management support to security team had a positive
relationship with business performance of Maersk Agency Uganda Limited. Accordingly, it is
recommended that management update security policies and revisit training content for Maersk
Agency Uganda Limited.
CHAPTER ONE
INTRODUCTION
1.1 Introduction
Having a good security strategy in place can provide you, your security department and the
organization with a range of (overlapping) benefits (Kasali, 2011). Without a security strategy
it will often not be clear how the security function contributes to the overall aims of the
organization. A good security strategy helps an organization to have good security management
and indeed good corporate governance of the organization (Adekola & Enyiche, 2017). This
study investigated the effect of basic security measures on business performance in Uganda
using a case of Maersk Agency Uganda Limited.
1.2 Background
The background of this study begins with the historical background, followed by the theoretical
background, the conceptual background in which the key variables in the study are mirrored, and finally the
contextual background, which relates to the existing situation in the study area.
From a historical perspective, the beginning of security measures is as old as the ancient
Egyptian empire during the time of the pharaohs. However, studies first locate the origin of
basic security measures in modern Europe during the industrial revolution. For example, a
study by Hassan Jan (2020) emphasized the value of knowledge of security to businesses, whether small
startups or international conglomerates.
According to Gordon and Loeb (2006), security relates to a range of actions intended to protect
the entire system and the infrastructure that makes its use easier (p. 16). It consists of hardware,
software, and physical security. When the number of claims increases, workers and methods
increase, and when the management of an organization’s security gets more complex,
vulnerabilities escalate. Dhillon (1999) recommends that to guarantee the protected use of
hardware and software in organizations, the security awareness program, as well as support of
the top management, should be higher.
Every organization needs protection. Take customer contacts, for example: if the customer
database is lost, it may be difficult or next to impossible for them to track a business. This means
there is a violation of the rules of personal data protection. Secondly, in an innovative company
with sensitive research findings, it may cause financial losses in terms of time. Security involves
dealing with risk and handling risk by detecting and assessing threats to assets in the
organization and taking actions to address the threats. When organizations fail to manage their
security, loss of the organization's credibility and of money may occur (Jones, 2007).
Contemporary international business practice demands that governments and stakeholders
in business organizations set security measures in place and adhere to them. For instance,
G. Lykou et al. advise that business ethics managers should recognize the importance of
having a code of business ethics to be observed by the employees to curb the number of
unethical practices annually.
Abdul Jalil (2010) concurred with other scholars that governments of different countries must
either prepare a code of business ethics and ask business organizations to use it properly among
employees or ask business organizations to prepare their own code of business ethics and
further use it in their organizations properly. The latter is known as self-regulation and usage
of business ethics in business organizations on their own initiative. Abdul Jalil (2010) further
advises that the best way to use business ethics is for the government to prepare a code of
business ethics in consultation with the association of business organizations and ask them to
practice those ethical principles effectively and completely. The government should have a
monitoring branch to monitor the practice of the ethical standards.
From the regional and Ugandan perspective, security for the business environment seems to be a new
concept, which majorly addresses human and political threats. The business environment in
Uganda is largely informal and therefore has low levels of technology. However, there is a
level of technological growth which comes from the approval of foreign companies in the form of
Foreign Direct Investment benefits, which has influenced some local companies toward
business security.
From a conceptual perspective, basic security measures, which form the independent variable
of the study, have been defined as the operationalization of security policies and the creation of
awareness among employees through training and offering management support to security teams
in the organization, with the main object of securing critical assets. Business
performance in this study means the ability of a business entity to effectively, efficiently,
sustainably, and profitably allocate resources with the aim of offering a product or service that
meets consumer/customer expectations while making a profit.
In the current situation, Uganda has gone through a number of economic stages, all in the name
of transforming the business sector. According to the District Team Report (2007), measures
were employed with the main object of boosting economic performance. It is widely believed
that business security leads to sustainability and profitability in the long run. On the contrary,
reports indicate that many of Uganda’s young business startups die at the second anniversary
(Tashabomwe, 2006). Hence, if Uganda is to realize improved business performance in terms
of sustainability, profitability, effectiveness, and efficiency, and therefore penetrate the global
business network, business security must be incorporated.
Business performance has been a source of concern for both academics and practitioners. This
is evidenced by a plethora of existing literature and studies focusing on how it can be improved
at both the micro- and macro-levels (Jing & Avery, 2008). The significance of business
performance stems from the fact that significant resources are invested in it. Furthermore, as
observed by Schumpeter (2003), business growth will implicitly reflect a nation’s economic
development. Numerous studies have attempted to comprehend and explain the factors that
contribute to business success or failure (Pesanen, 2013).
As business performance is not easy to achieve at a domestic level due to international
competition, procedures, restrictions and formalities, basic security measures become a
necessity to any business entity, because business performance offers huge business
opportunities for profitability and sustainability.
Poor performance and high failure rates among SMEs, in particular, have been areas of
scholarly and policy concern (OECD, 2014; Global Entrepreneurship Monitor (GEM), 2014;
Neneh, 2012; Kze, Thiam, and Seng, 2013). According to Hone and Eloff (2002), the key
concern of an establishment’s security control is its security policies. Organizations require a
security policy in order to protect their critical resources. The security policy explains the do’s
and don’ts to the staff, as well as what acceptable behavior is expected of them in order to
secure the organization.
Besides that, according to Peltier (2005), security policy provides management with security
direction and support. According to Von Solms (1999), Canavan (2003), and Doherty and
Fulford (2005), setting standards is a good place to start when developing a security policy to
improve organizational security. The security policy should be tailored to the organization’s
strategy. Many security procedures in corporate and business environments necessitate routine
repairs and constant monitoring. It is strongly advised that organizations practice
security measures in order to maintain a high level of integrity and minimize risk (Topalov,
Zavulunov, Davis Morriss & McMillian, 2015).
Technical and organizational security measures are almost always required in order to
minimize risk while maintaining the organization's confidentiality, manageability, and
scalability. Policies and regulations, for example, enable an organization to maintain,
administer, and audit its security (Topalov et al., 2015). If the organization is threatened or
attacked, the measures help to mitigate risks and quickly devise countermeasures (Topalov et
al., 2015). Organizations must have strong security measures in place because not having them
could mean the difference between an organization remaining in business for a long time and
filing for bankruptcy (Topalov et al., 2015).
Security has been essential to humanity since the dawn of time, and its significance cannot be
overstated. According to Dempsey (2008), people have had the right to defend themselves
against any threat since time immemorial. The Salafi-jihadist organization al-Shabaab, based
primarily in Somalia, poses the most serious terrorist threat in Eastern Africa (Elowson & de
Albuquerque, 2016). Al-Shabaab became an al-Qaeda affiliate in 2012. Al-Shabaab adopted a
more regional strategy as a result of this as well as military setbacks within Somalia, leading
to an increase in overt terrorist tactics like attacking civilian targets in neighboring nations,
which led to the emergence of a significant transnational threat (Elowson & de Albuquerque,
2016).
Terrorism, on the other hand, has incurred and continues to incur significant economic and
human expenses. For instance, the worldwide economic effect of terrorism in 2015 was $89.6
billion, only 15% less than the previous year’s total of $105.6 billion. Terrorism’s overall costs
have increased eleven times in the last 15 years (Dudley, 2016). Given that the number of
terrorism-related fatalities rose from just over 11,000 in 2007 to over 26,000 in 2017, the
human cost of terrorism is equally overwhelming. Terrorist attacks increased from
approximately 2,800 in 2007 to approximately 11,000 in 2017.
Because of the rising financial and social costs of terrorism, many empirical studies have been
conducted to determine the impact of terrorism on business performance. For example, Abadie
and Gardeazabal (2008) indicated that the GDP of Spain declined by 10% between 1980 and
1990, and Gaibulloev and Sandler concluded that terrorism reduces the level of foreign direct
investment (FDI) as well as gross domestic product (GDP) growth rates.
Businesses in Uganda continue to face high failure rates in terms of annual closures
(Turyahebwa, Sunday & Ssekajugo, 2013; Kazooba, 2006). According to some reports, the
rate of collapse in Uganda is greater than 50% per year (UBOS, 2019). Several studies have
identified poor managerial supervision, a lack of business management, entrepreneurship, and
managerial incompetence in terms of skills, knowledge, and experience as some of the internal
causes of Ugandan business failures (Turyahebwa et al., 2013).
However, compared to developed and emerging economies, few studies have examined how
terrorism affects organizational performance in emerging economies (Arasti, Zandi &
Bahmani, 2014). Given that terrorism is likely to persist for a very long time, businesses that
conduct business internationally face a new kind of risk (Jain & Grosse, 2009).
This study is thus intended to contribute to the current inconclusive debate on the effect of
basic security measures execution on business performance from the perspective of businesses
in developing economies. Maersk Agency Uganda Ltd is located on 5th Street Industrial Area
in Kampala in Uganda. At Maersk, the strategic vision is to become the Global Integrator,
offering truly integrated logistics solutions that connect, protect and simplify customers’ supply
chains.
The goal of Maersk's strategy is to provide customers with value in the form of improved
supply chain outcomes, increased transparency and control, and ultimately lower end-to-end
costs. These solutions must be integrated to cover all phases of the supply chain.
In 2021, extraordinary growth and shifts in demand combined with continued lockdowns in
countries and regions still battling the challenges of the COVID-19 pandemic brought out
exceptional bottlenecks in shipping and logistics supply chains. In this climate, Maersk
continued to be guided by the priorities to care for colleagues, support and deliver value to
customers, and help society recover, and the company launched accelerated targets and took
substantial action towards the goal of decarbonizing logistics by 2040.
Post-tax impairments of USD 2.8 billion (USD 2.6 billion) primarily relating to Maersk
Drilling of USD 1.4 billion (USD 27 million) and Maersk Supply Service of USD 1.2 billion
caused Maersk to deliver an unsatisfactory loss of USD 1.9 billion (profit of USD 925 million)
(USD 0m). The underlying profit was USD 711 million, in line with the most recent guidance
given in November (USD 3.1bn). A negative 2.7% (positive 2.9%) return on invested capital
(ROIC) was achieved. The negative free cash flow was USD 29 million (positive USD 6.6bn
including the sale of shares in Danske Bank of USD 4.9bn).
Business entities face the risk of attacks, fraud, and theft of business information systems, and
breakdown of critical infrastructure resulting in an estimated financial loss of 37% from
security incidents (Bojanc & JermanBlazic, 2013; Green, 2015). The increased use of basic
security measures is intended to create a secure environment that is supposed to propel business
performance (Lensink, Servin & Berg, 2017).
Business entities have tried to hire security guards and procure security systems (Bahl & Wali,
2014). Despite the above interventions, for a number of companies in Uganda, low business
performance is still a challenge (UBOS, 2019). It is unclear how much business entities'
performance is impacted by the adoption of fundamental security measures. In light of this, the
study used the case of Maersk Agency Uganda Limited to examine business performance in
the East African region following the execution of basic security measures.
1.4 Purpose of the study
To investigate the effect of basic security measures on business performance of Maersk Agency
Uganda Limited.
1.6 Research questions
i. What is the relationship between security policies and business performance of Maersk
Agency Uganda Limited?
ii. What is the relationship between security training/ awareness and business performance
of Maersk Agency Uganda Limited?
iii. What is the relationship between management support to security team and business
performance of Maersk Agency Uganda Limited?
iv. What is the effect of basic security measures on business performance of Maersk
Agency Uganda Limited?
1.7 Research Hypotheses
i. There is a positive significant relationship between Security policies and business
performance of Maersk Agency Uganda Limited.
ii. There is a positive significant relationship between Security training/ awareness and
business performance of Maersk Agency Uganda Limited.
iii. There is a positive significant relationship between Management support security team
and business performance of Maersk Agency Uganda Limited.
iv. Basic security measures affect business performance of Maersk Agency Uganda
Limited.
1.7.1 Scope of the Study
1.7.2 Geographical Scope
This study was carried out at the head offices of Maersk Agency Uganda Limited, located at
Plot 3 Portal Avenue (for management staff) and 8th Street Industrial Area (operational offices)
in Kampala. A careful selection was done based on the knowledge levels of how basic security
measures or policies have been observed and how they have impacted the business performance
of Maersk Agency.
1.7.3 Content Scope
The study focused on basic security measures as the independent variable and business
performance as the dependent variable. Basic security measures were examined in terms of
security policies, security training/awareness and management support to the security team,
and business performance was investigated in terms of profitability, sustainability, efficiency
and effectiveness.
1.7.4 Time Scope
This study focused on basic security measures and business performance in the last seven years
(2015 to 2022). This time scope was proposed for the study because there is little and scanty
scholarly work in relation to the variables under study in the context of Uganda.
CHAPTER TWO
LITERATURE REVIEW
2.1 Introduction
The study investigated the relationship between basic security measures and business
performance of companies. This chapter presents the theoretical review, a review of literature
relating to the study objectives.
2.2 Theoretical Review
Industrial Organization Theory (Corley, 1990) was applied in this study. The Social Control
Theory contends that the presence of a powerful guardian, the target, and the offender
encourages the commission of a crime. The premise of industrial organization theory covers
how an organization interacts with its internal and external environments. Industry competition
primarily defines the external environment, while employee competence levels that increase
organizational effectiveness explain the internal environment.
When the term "industry" is used in the context of industrial organization theory, it refers to a
group of businesses producing similar goods or services. The theory is relevant to this study
because it examines how the application of fundamental security measures affects business
performance. The effective provision of security is dependent on how an industry participant
uses technology to gain a competitive edge.
According to the industrial organization theory, a company's market is more important than the
company itself (Ramsey, 2001). The structure-conduct-performance model, which claims that
there is a "causal link between the structure of a market in which a company operates, the
organization's conduct, and, in turn, the organization's profitability performance," reflects this
(Ramsey, 2001). Thus, according to Ramsey (2001), the central analytical component of the
industrial organization theory can be used to identify the strategic choices that firms in a given
industry have. This theory concentrates on the entire industry and market conditions of a
company (Porter, 1981, Deceit al. 1997).
The industrial organization theory supports the five forces model, which includes the threat of
new entrants, the threat of substitute goods, buyer bargaining power, supplier bargaining
power, and rivalry among existing competitors, all of which give an organization bargaining
power in the market (Porter, 1985). The industrial model enables organizations to compete in
the production of goods and the provision of services.
According to Hilt et al. (2005), firm managers are responsible for developing sound strategies
that will keep the organization competitive at all times. The organizational management lines
that report directly to the departmental managers and the directors. According to the theory, in
order to manage the industry objective, every organization must run and operate in a stable
market while maximizing available resources (Bain, 1968). The effective application of the
five forces and competition rules provides the organization with bargaining power with its
suppliers, buyers, and high-level competitive strategies among market participants.
An enterprise security policy (ESP) creates the strategic direction, choice, and environment for
a company's security efforts while also assigning roles and responsibilities for various aspects
of information security. The EISP includes instructions for creating, executing, and managing
the prerequisites for the information security program (Whitman & Mattord, 2014).
According to Whitman and Mattord (2014), system-specific security policies (SysSP) are distinct
from other types of policies. They are frequently designed to serve as standards or procedures
for designing or maintaining systems, for example the structure and operation of a network
firewall. There are two types of system-specific security policies:

Management guidance SysSP: the SysSP document is created by the board and contains direction
for the application and alignment of technology, as well as an explanation of the practical
behavior by which people in the organization should support information security (Whitman &
Mattord, 2014; Honovich 2008).

Hands-on requirements SysSP: the administrative policy is developed in collaboration with the
executive and the system administrator; the system supervisor may need to develop an
additional type of policy to execute the decision-making policy. For instance, if the
issue-specific security policy requires that user PINs be changed every quarter, system
administrators can follow a procedural control within a specific request to enforce this policy
(Whitman & Mattord, 2014).
According to Zander (2009) and Brooks & Corkill (2012), the creation of an information security
policy (ISPD) document may necessitate a high level of involvement not only from information
security groups (ISG), but also from other information security employees within
the organization. To ensure that the project gets adequate funds, stakeholder acceptance needs
to be established at the start of the policy development project.
Relatedly, Latham (2013) and Gill et al. (2005) further explain that management must
understand the significance of the policy development project in order to allot resources in later
phases. According to Latham (2013), in order to ensure that the organization’s information
security policy (OISP) is useful, procedure documents that suit employee behavior
must be developed.
It is thus critical to involve and obtain support from all key players in policy development,
including the board members, legal team, workers, and system managers. Latham (2013)
rightly observes that in order to achieve successful execution, it is critical to communicate the
need for and significance of ISP to those who must operationalize them. Employees frequently
believe that policies will obstruct their ability to perform their daily tasks.
Communication of the information that policies are useful is an important part of policy
development and ensuring that policies are in place and not refused by employees (Fischer et
al., 2013; Smith & Brooks, 2013). Accordingly, this can be accomplished by providing a
charter within which teams can work, a locus for best practices, and ensuring that employees
follow all statutory obligations.
In light of the alarming threat landscape that exists right now, businesses all over the world see
robust security as a crucial area of focus. However, it is still unclear how businesses will adopt
a cybersecurity culture. There is little reason to anticipate that security procedures will be
executed correctly unless the organization educates its users. By making security references
easily accessible, you can raise security awareness (Cram et al., 2017). Making security training
a priority is one of the most important factors in developing a strong cybersecurity culture for
businesses (Cram et al., 2017). In addition, they must annually measure and evaluate
employees’ perspectives on security, resulting in increased awareness and improved security
(Cram et al., 2017).
Cram, Proudfoot, and D’Arcy (2017) investigated the application of organizational policies to
the prevention, detection, and response to security incidents of users of information and
technology resources. However, it has been challenging for researchers and practitioners to
comprehend the current state of knowledge regarding the formation and effectiveness of
security policies in organizations due to this expanding (and at times conflicting) body of
research.
As a result, the goal of this paper is to combine what is known and what is still unknown about
organizational information security policies in order to gain a comprehensive understanding of
this field of study and identify promising future research avenues. Cram et al. (2017) examined
114 significant journal articles related to security policy and identified five fundamental
relationships examined in the literature. Cram et al. (2017) provided a research framework that
synthesizes the construct linkages found in the existing literature. They propose a revised
framework that can be used as a foundation for future research by identifying a number of gaps
and drawing on additional theoretical perspectives based on our analysis of these results.
Workers will be far more inclined to read the information security policy document and ensure
compliance once they realize it will help them in their daily work. Similarly, when top
management accepts that policy is a tool they can use to help ensure adherence to relevant
legislation and effective data security management, management may, as Zurawski (2010)
correctly remarks, be more helpful and supportive in providing funding and other resources.
Zurawski (2010) further explains that top management can also help with the development
and maintenance of information security policies by preserving the subsequent policies across
the organization and driving efforts into the execution stage. Top management should also be
prepared to support projects that are mandated by policy in order to ensure compliance. This
assistance is critical to the policy’s long-term viability (Latham, 2013).
Dhillon (1999) defines training as the process of teaching consumers what is acceptable and
what is not, and how to do it. Security awareness is defined as the state in which all personnel
in an organization are cognizant of or actively involved in the security goals and mission of
their organization (Siponen, 2000). Workers are educated on potential threats to an
organization’s network assets, how such threats may arise, and how to handle the
organization’s information securely.
Abawajy and Kim (2010) looked into which method of teaching security awareness is most
effective. According to Abawajy & Kim (2010), an increased focus on information security
awareness and training is required to lessen the threat to information security posed by human-
related vulnerabilities. With the intention of determining user preference for delivery methods,
Abawajy and Kim (2010) conducted security awareness training using a variety of delivery
methods, including text-based, game-based, and a brief video presentation. According to
Abawajy and Kim (2010), a combined delivery method is superior to a single security
awareness delivery method.
Many firms struggle with numerous security vulnerabilities caused by their own personnel
(employee mistakes), also known as insider risks. Al-Awadi & Renaud (2007) emphasize that
security teaching must be customized to meet the needs of the users. User training, according
to Whitman and Mattord (2014), can be tailored to their specific functional background. This
strategy includes general user training, administrative user training, and technical user training.

Training for ordinary users: Policy training is the most effective strategy for ensuring that
ordinary users read and understand the policies. Training enables consumers to analyse
situations and get assistance. These common users are also trained on how to conduct their jobs
safely, such as appropriate security practices and password management.

Training for management users: Managers want more personalized training, delivered in small
groups with more interaction and discussion.

Technical user training: This is technical training (TT) for IT employees, which may include
the employment of a consultant or outside training firms.
According to Shaw et al. (2009), the three primary obstacles to information security
awareness are (1) the general awareness of security, (2) the computer skills of employees, and
(3) the budgets of the organization. In order to overcome these three obstacles and raise
awareness of information security, online learning appears to be a viable alternative. Shaw et al.
(2009) say that three levels of security awareness were identified: comprehension, perception,
and projection. Shaw et al. (2009) discovered that (1) students who understand more clearly at
the perception and comprehension levels can comprehend more clearly at the projection
level; (2) students who are presented with text perform better at the perception level; and (3)
multimedia content improves comprehension and projection performance for students.
Finklea & Theohary (2015) therefore suggest that all businesses need to appreciate that security
is an unavoidable overhead if they are to keep their premises physically secure.
Nevertheless, not every company would agree with Dalton that “security management is not
an odd-but-necessary back-lot function, but rather a vital business function that is essential to
any organization’s continued viability” (Dalton 2013). Kovacich and Halibozek (2013)
support the same view, that organizations are more likely to agree that security is a “necessary
evil” (and they have no choice).
Most corporations devote the majority of their efforts to increasing business in order to increase
profits (Bader & Schuster, 2015). This can imply that security requirements are not given
enough time and are not as thoroughly considered as they should be. Many organizations,
according to Yates (2013), have not incorporated security into their philosophy, as solutions
for example, hiring a former police officer as a security guard. A significant failure has
occurred when it comes to identifying best security practices, enhancing security, as opposed
to merely adding security to already-existing practices; to reinforcing activities in organizations
such as routine security updates, security education, and reward system for security conscious
behavior; to provide security training, education, and competence to lay the groundwork for
effective local security (Yates, 2013).
Aslam & Kang (2015) also explain that some executives regard security as an obstacle to
business and efficiency. If, for example, a business meeting is postponed due to security
requirements to enter a specific area of a building, security may be said to be threatening
business. A complainant may disregard the fact that the security requirements are well exposed
and that the majority of corporation employees have no concern establishing their plans around
those requirements.
According to the United Nations Archives and Records Management Section (UN ARMS),
security procedures require that accurate and up-to-date records of assets be kept in order to
expedite investigation in the event of theft (Records and Information Management Guide Sheet
No. 8). However, if those requirements are deemed onerous or simply inconvenient, they may
be ignored as well. On the other hand, staff who develop a conviction not to abide by
security requirements, and who may refuse to wear their corporation ID badge or argue about
signing in a visitor, may use the alleged nuisance value of security. Senior management must
support corporate security in order to create a security-conscious workplace.
The direct impact of good security on a company’s commercial health is that it keeps the
business’s assets protected. As a result, the assets can be used, the additional costs associated
with replacing them are avoided, and potentially larger damages due to cost of business or
failure to service clients are avoided. In addition, sound security can actually increase a
company’s business opportunities. A shopping mall, for example, that is known to have
respectable security may actually attract more clients from other shopping centers where
customers may feel less safe. These intangible benefits are captured by Yates (2003) in what
he refers to as the “security dividend.”
There are, however, many options available for physical security, with many benefits. The first
is perimeter security, which consists of turnstiles, mantraps, fences, and electric fences. Another
is safe locks with difficult-to-copy keys. To effectively run their business, a company needs
administrative, technical, and physical control. Construction, site location, and emergency
response are administrative controls. Technical controls include CCTV, smart cards for access,
and guards. Physical controls include intrusion alarms and perimeter security.
Management is concerned about information security but is unwilling to take any action.
Management support is essential because if senior management truly understands the
importance of information security in the business, management will place more effort into
executing it and workers will become more involved (Hone & Eloff, 2002).
Moreover, Doherty & Fulford (2005) also emphasize that, when establishing information
security in enterprises, money is equally significant. Organizations must have adequate
funding in order to start good information security (IS). According to Bjorck (2002), a budget
is a financial facility that may assess expenses and evaluate access to resources required to
successfully execute information security.
A budget might contain both technical and instructional charges. The technical cost includes
all of the materials required to secure the computer’s security, such as antivirus software that
protects against viruses and internet assaults, as well as a security measure that protects system
connections. The educational cost includes all expenses, for example, on preparing security
training for staff. Hiring an external expert or outside training groups may be required for
security education.
The information security policy aids in the identification of the organization’s critical assets. It
also assists companies in achieving a good performance. It is critical that the policy be simple,
clear, and explicit. On a regular basis, the policy must be reviewed and modified (Hone &
Eloff, 2002).
A security system for a business gives you and your employees more peace of mind, lower
insurance costs, and a safer working environment. Commercial security systems include a
variety of standalone or integrated configurations that carry out one or more of the following
tasks: video surveillance, entry alarms, fire, heat, and/or water detection, and/or premises
access control (Fischer & Green, 2004). Fan (2013) argued that the practice of outsourcing
security services by financial institutions has long existed in Nigeria. Various reasons have
been put forward for the popularity of security outsourcing in that country. One is risk
transfer: when commercial banks outsource security guard
services, they transfer some of the liability risk to the security guard company.
In South Africa, there is not adequate public security to cater for private businesses effectively
and therefore, these businesses like commercial banks turn to private security companies for
security services (Gilley & Rashid, 2010).
2.4 Conceptual framework
[Figure 1.1: Conceptual framework. Recoverable labels: Independent Variable; Management support to security teams (Budget, Enforcement)]
Figure 1.1 assumes that effective basic security measures, in respect of enterprise security
policy, issue-specific security policies, and system-specific security policies, significantly
determine high levels of improvement in business performance with regard to
profitability, sustainability, efficiency and effectiveness.
CHAPTER THREE
METHODOLOGY
3.1 Introduction
This chapter describes the research methodology: the research design, the study population,
sample size, data collection instruments, sampling techniques, validity and reliability of
instruments, research procedure, data processing and analysis procedures and ethical
considerations.
3.2 Definition of variables
3.2.1 Business performance
Business performance is defined as the ability of a company to effectively, efficiently and
sustainably use optimal organizational resources with the aim of offering a product or service
that meets the expectations of consumers and customers while making profit. The indicators
for business performance were profitability, sustainability, efficiency and effectiveness.
3.2.2 Basic security measures
Basic security measures refer to the employment of security policies, creation of security
awareness of employees through training and offering management support to security teams
within an organization.
3.2.3 Management support to security teams
Effective management support can take many different forms, such as involving employees in
significant decisions, providing them with clear performance reviews, and assisting them with
challenging tasks. The indicators of management support to security teams were budget
released and number of security policies enforced.
3.2.4 Security policies
Security policies refer to clear, comprehensive, and well-defined plans, rules, and practices that
regulate access to an organization’s system/premises and assets. The number of issue-specific
security policies and the number of system-specific security policies were the indicators of
security policies.
3.2.5 Security awareness/training
A formal process called security awareness/training teaches staff members and other
stakeholders—such as contractors and business partners—how to defend an organization's
computer systems, along with its data, clients, and other assets, against threats or criminals.
Information sharing and instruction giving were the indicators of security awareness/training.
3.3 Measurement of Variables
Measurement of variables was done to show how each category of questions in the instruments
that were used is handled to come up with the necessary information. This was done for
background information of respondents (categorical data), independent and dependent
variables and the non-categorical information that was obtained from interviews.
The categorical variables were measured using the Nominal scale, with numbers being assigned
to each category only to distinguish similar objects within a category from elements in another
category that were different. The non-categorical information was studied and a narrative was
made so as to fit the objectives of the study. This was done in establishing how basic security
measures affect business performance.
The ordinal measurement scale composed of discrete variables was used by the researcher. This
scale includes variables that generate rankable responses. Due to the use of a five-point Likert
scale in this study, the level of agreement could be ranked from strongly disagree as response
1 to strongly agree as response 5.
from the Uganda Investment Authority) and the numbers below were chosen after considering
the Krejcie and Morgan Table (1970) recommendation, Amin (2005).
Figure 3.1: Distribution of Population, Sample size and Sampling Techniques
Category | Target Population | Sample size | Sampling technique
Inspector of Police | 1 | 1 | Purposive sampling
UIA officials | 2 | 2 | Purposive sampling
General Managers | 4 | 4 | Purposive sampling
Finance officers | 8 | 8 | Purposive sampling
Employees | 139 | 103 | Simple random sampling
Total | 150 | 118 |
Kombo and Tromp (2006) define sampling techniques as methods used by researchers to
hand-pick the appropriate study sample. The following simple random sampling and purposive
sampling techniques were used:
By selecting a sample at random, each member of the defined population has an equal and
independent chance of being chosen (Mugenda & Mugenda, 1999). The 103 employees of the
foreign company were chosen using this method. Numbers from 1 to 139 were written,
folded, and thoroughly mixed before 103 were selected. In this situation, each name had an
equal chance of being picked.
3.8 Data Collection Methods
The information was gathered through both qualitative and quantitative methods. The
questionnaire Survey, as well as interviews, were used to collect data for the study.
3.8.2 Interview
An interview refers to a face-to-face oral/verbal conversation between the researcher and a
respondent in which opinions are communicated and documented (Kombo et al., 2006). An
interview guide with structured interviews was created and distributed to the General
Managers, Finance Managers, Inspector of Police, and Uganda Investment Authority officials.
This method was chosen because it produces data that is comprehensive in nature. Interviewing
was also an effective method for gathering information based on informants’ priorities,
opinions, and ideas. Informants were given the opportunity to elaborate on their ideas, explain
their points of view, and identify the most important factors in their opinion (Mugenda &
Mugenda, 1999; Amin, 2005).
3.9.1 Questionnaire
Closed-ended questions were used for this study as they were deemed most suitable in regard to
simplicity of completion, saving time and keeping respondents on topic while keeping the
focus on the main objective (Mugenda & Mugenda, 1999). The questionnaire used a 5-point
Likert scale with the possible responses ranging from 5=strongly agree (meaning in agreement
without a doubt); 4=agree (meaning agree with some level of doubt); 3=Not sure (meaning not
being very sure); 2=disagree (meaning disagreeing with a degree of doubt) and 1=strongly
disagree (meaning disagreeing with no doubt at all). The questionnaire was systematically
organised to include demographic characteristics of respondents, basic security measures and
business performance.
$$\mathrm{CVI} = \frac{\text{Number of relevant items}}{\text{Total number of items}} \times 100$$

$$\alpha = \frac{n}{n-1}\left(1 - \frac{\sum V_i}{V_{test}}\right)$$

Where;
$\alpha$ = Alpha coefficient
$n$ = Number of items in the instrument
$\sum$ = Summation
$V_i$ = Variance of scores on each item
$V_{test}$ = Total variance of overall scores (not %’s) on the entire test
Figure 3.2: Reliability Statistics Results
Variable | Cronbach’s Alpha | Number of Items
Business performance | .943 | 4
Security policies | .822 | 4
Security awareness/training | .826 | 5
Management support to security teams | .887 | 4
Source: Pilot Study, 2022
Table 3.2’s reliability statistics reveal good reliability coefficients, indicating that all
subcategories were included in their proper proportions (Amin, 2005).
CHAPTER FOUR
4.1 Introduction
The chapter presents the results of the study, interprets them and analyses the results. It
includes demographic characteristics of respondents, characteristics of the company selected,
and findings in regard to basic security measures and business performance at Maersk Agency
Uganda.
The study investigated the relationship between basic security measures and business
performance of Maersk Agency Uganda Limited.
118 92 79 24 20.7
Table 4.1 indicates that out of 118 respondents sampled, the response rate was 79% while
20.7% of the expected respondents were not able to return their questionnaires for reasons not
explained. This means that the response rate was in general terms good and therefore the margin
of error expected was lower. Out of 92 participants, 86 were subjected to questionnaires and 6
were interviewed.
4.3 Demographic Characteristics of Respondents
This section includes sample worker characteristics such as gender, marital status, age, level of
education, and years of employment at Maersk Agency Uganda Limited.
4.3.1 Respondents by Gender
Table 4. 2: Respondents by Gender
Male 52 61.0
Female 33 39.0
Total 85 100.0
On the gender of participants, table 4.2 shows that 61% of the respondents were males whilst
39% of them were females. This demonstrates that there is a significant gender gap in Maersk
Agency Uganda Limited. That noted, the findings were not affected by the imbalance, because
the characteristics under study were not gender biased.
[Figure 4.1: bar chart of respondents by marital status; categories: Single, Married, Divorced, Widow/widower]
4.3.3 Respondents by Marital Status
As per Figure 4.1, 77.6% of participants were married, 9.8% were single, 7.3% were
widows/widowers, and only 5.4% were divorced. The results show that the sample size was
representative of the entire population under study.
[Figure 4.2: pie chart of respondents by age group; categories: 20-30 Years, 31-40 Years, 41-50 Years, 51-60 Years]
As per Figure 4.2, the majority of participants (56.1%) were between the ages of 31 and 40, with
25.6% being between the ages of 41 and 50, 12.2% being between the ages of 20 and 30, and
6.1% being between the ages of 51 and 60. This implies that the workforce of Maersk Agency
Uganda Limited is relatively young, and can be energetic and productive, and would
most likely take the investigation seriously and provide truthful answers.
4.3.4 Educational Levels
Figure 4.3: Educational Levels
[Bar chart of respondents by highest level of education; categories: O' level, A' level, Diploma, Bachelor's degree, Postgraduate]
Looking at Figure 4.3, the majority of participants (45.1%) had a bachelor’s degree, 42.7%
hold postgraduate qualifications, 6.1% hold diploma qualifications, while 6.1% possess only
secondary education as their highest level of education. This presupposes that the respondents
were expected to be proficient and thus had sufficient knowledge about Maersk Uganda
Limited, and that the data collected was valid for drawing rational conclusions and generating
suggestions about the issue under investigation.
Personal opinions of respondents were consistently rated on a 5-point Likert scale. Strongly Agree
and Agree were interpreted in this study to mean Agree, while Strongly Disagree and Disagree
were interpreted to mean Disagree. Additionally, the mean and standard deviation were used
to analyze the data. Table 4.2 summarizes the findings.
Table 4. 3: Business Performance
Percentage Response
SA A UD D SD Mean Stddev
In the findings presented in table 4.3, a score greater than three (>3) indicates agreement, while
a score less than three (<3) indicates disagreement. The table further demonstrates that basic
security measures have been significantly rated, a finding supported by the overall mean
average of 4.19. A standard deviation score greater than one (>1) indicates a divergence in
opinion, while a score less than one (<1) indicates agreement in opinion.
The vast majority of respondents were pleased with the company's performance. Only 16 (20%)
people were undecided, with 65 (79%) agreeing that Maersk Agency Limited is a highly
profitable company and 1 (1%) disagreeing. This was confirmed by one interviewee, who
stated that:
Maersk is an integrated container logistics company that is making profits. Throughout
2021, the company continued to strengthen its Logistics & Services business,
outperforming market growth with a revenue increase of up to USD 9.8 billion.
This implies that Maersk Agency Limited is a highly profitable business.
It was determined that 67 (82%) agreed that Maersk Agency Limited is a highly sustainable
business, while only 4 (5%) disagreed and 11 (13%) were undecided. This was confirmed in an
interview where Key informant 7 said:
Our sustainability efforts and goals are, of course, driven by our Environment,
Social, and Governance priorities, as well as our commitment to be net-zero by
2040 with 100% green logistics solutions for customers. The Company’s
approach to sustainability is evolving and centers on decarbonizing logistics and
adhering to responsible business practices across Environment, Social and
Governance issues.
4.4.2 Security policies and business performance of Maersk Agency Uganda Limited
This part contains results on security policies, which were investigated using four items. These
items centered on the predictors of issue-specific and system-specific security policies.
Employee responses and findings are available in Table 4.2, followed by an analysis and
interpretation.
Table 4. 4: Showing responses on Security Policies
Percentage Response
SA A UD D SD Mean Stddev
Results in table 4.4 show that respondents agreed and rated the security policies in Uganda
moderately. This finding is confirmed by the overall mean average of 4.12, whereas
respondents demonstrated disagreement, and a standard deviation score greater than one
(>1) indicates divergence in opinion, while a score less than one (<1) indicates commonalities
in opinion.
Comparing findings of table 4.2 above, the majority of the respondents (87%) concurred that
security policies influence business performance of Maersk Agency Limited, while 5 (6%)
disagreed and only 6 (7%) were undecided. In agreement, Key respondent 1 said:
“The security policies are averagely good although there are some other
issues that still need to be added”.
This implies that Security policies influence business performance of Maersk Agency
Limited. This could go a long way to improve on business performance at Maersk Agency
Limited.
It was recognized that 68 (83%) agreed that they have a well-developed, elaborate security
policy at Maersk Agency Limited, yet 10 (12%) did not concur with the assertion and 4 (5%)
were unsure. This suggests that there is a well-developed, elaborate security policy at Maersk
Agency Limited. This could go a long way to improve on business performance at Maersk
Agency Limited.
The results also revealed that 73 (89%) of the respondents agree that Maersk Agency Limited
has issue-specific security policies. It can be noted that basic security policies in Maersk are
effective. For example, in an interview, one of the respondents said, “The security policies
are very good and we really need to just update them, for example, issues related to security
issues in logistics such as cyberattacks, theft, fraud, terrorism, sabotage, and more.” This
implies that there are issue-specific security policies at Maersk Agency Limited. This could
go a long way to improve on business performance at Maersk Agency Limited.
Most of the participants, 73 (89%), agreed that they have system-specific security policies at
Maersk Agency Limited, while 3 (3%) failed to concur and 6 (7%) remained unsure. This
shows that there are system-specific security policies at Maersk Agency Limited, which
could go a long way to improve on business performance at Maersk Agency Limited.
Table 4.5: Correlation Results for information distribution and stakeholder commitment
Correlations
| | Security policies | Business performance |
|---|---|---|
| N | 82 | 82 |
Table 4.5 above shows a weak significant positive correlation between security policies and
business performance of Maersk Agency Uganda Limited (r=.413** p < 0.05). This means
that ensuring that there is an enterprise security policy, ensuring use of issue-specific security
policies, and use of system-specific security policies, other factors remaining constant, is likely to
improve business performance of Maersk Agency Uganda Limited. The study findings
showed that there is a significant relationship between security policies and business
performance of Maersk Agency Uganda Limited. These findings are consistent with those
of Whitman and Mattord (2014), who discovered that issue-specific security policies provide
instructions and guidance to the entire organization on the usage of resources, such as a practice
or knowledge utilized by the organization.
Accordingly, Latham (2013) acknowledged that, to ascertain that the firm’s ISP is useful, policy
statements that match the company structure must always be established. It is critical to engage
and obtain support from all prominent stakeholders in policy development.
The findings are also in harmony with Fischer et al. (2013), who revealed that employees are
ever more willing to read the information security policy document (ISPD) and comply once
they realize it will help them in their daily work. Similarly, when top management accepts that
policy is a tool they can use to help ensure adherence to legislative requirements and effective
information security management, they may be more supportive and helpful in increasing
money as well as other resources (Zurawski, 2010).
4.4.3 Security training and awareness and business performance of Maersk Agency
Uganda Limited
The second objective of the study examined the level of training and awareness of security
policies at Maersk Agency. The level of training and awareness was assessed in terms of a number
of constructs on security.
Table 4.6: Respondents’ views on security training and awareness
Percentage Response (%)
| Statements on security training and awareness | SA | A | UD | D | SD | Mean | Stddev |
|---|---|---|---|---|---|---|---|
| Security information influences business performance at Maersk Agency Limited | 39% (32) | 38% (31) | 8% (7) | 6% (5) | 8% (7) | 3.93 | 1.225 |
| Security instructions influence business performance at Maersk Agency Limited | 56% (46) | 28% (23) | 5% (4) | 10% (8) | 1% (1) | 4.28 | 1.022 |
| The frequent exchange of security information among staff at Maersk Agency Limited | 46% (34) | 29% (22) | 12% (10) | 12% (10) | 7% (6) | 3.83 | 1.294 |
| Staff at Maersk Agency Limited are always given security instructions to follow. | 45% (37) | 27% (22) | 11% (9) | 10% (8) | 7% (6) | 3.93 | 1.274 |
| Security instructions at Maersk Agency Limited are frequently updated | 56% (46) | 28% (23) | 5% (4) | 10% (8) | 1% (1) | 4.28 | 1.022 |
| Average | | | | | | 4.05 | 1.167 |
Source: Primary Data (2022)
Results in table 4.7 indicate that respondents rated training and awareness on security policies
reasonably. This finding is affirmed by the overall mean average of 4.05 and a standard
deviation of 1.67, which indicates multicollinearity in viewpoints. It can be concluded that
security training and awareness is in place
7(8%) were undecided. This means that Security information influences business performance
at Maersk Agency Limited.
It was established that 69 (84%) agreed that security instructions influence business
performance at Maersk Agency Limited. This means that security instructions influence
business performance at Maersk Agency Limited, which is likely to positively affect business
performance at Maersk Agency Limited.
The findings also revealed that the majority of respondents (56%) agreed that there is frequent
exchange of security information among Maersk Agency Limited employees, while 16 (18%)
disagreed. This is confirmed by Key informant 4, who said:
Security information is shared with the various stakeholders in time, this goes
a long way to draw the interest of these different groups of people towards
whatever is happening in order to provide support and providing a good
environment for its management, thus, this goes a long way to determine how
we perform.
This means that Security information influences business performance at Maersk Agency
Limited.
The majority of the respondents, 59 (72%), agreed that staff at Maersk Agency Limited are
always given security instructions to follow, while 16 (17%) disagreed and 9 (11%) remained
undecided. This is confirmed by a response from Key informant 5, who said:
In our status review meetings, Staff at Maersk Agency Limited are always
given security instructions to follow.
This shows that Staff at Maersk Agency Limited are always given security instructions to
follow. It was also established that 69(84%) agreed that Security instructions at Maersk Agency
Limited are frequently updated.
Table 4.7: Correlation Results for security training/awareness and business performance
Correlations
| | Security training and awareness | Business performance |
Table 4.7 shows a reasonable significant positive correlation between security training/awareness
and business performance of Maersk Agency Uganda Limited (r=.510** p < 0.05).
This means that ensuring frequent exchange of security information among staff, ensuring that
staff are always given security instructions to follow, and ensuring that security instructions are
frequently updated is likely to improve business performance of Maersk Agency Uganda
Limited. The study findings showed that there is a significant relationship between security
training/awareness and business performance of Maersk Agency Uganda Limited. Such
findings are supported by Canavan (2003), who found that security training and awareness are
the knowledge offered to the personnel to help them do their tasks safely. Similarly, Siponen
(2000) noted that security awareness educates workers on possible dangers and hazards to an
organization’s information assets, how such threats might arise, and how to handle the
organization’s information securely.
As per the findings of this study, there is a moderately positive significant relationship between
security training/awareness and the business performance of Maersk Agency Uganda Limited.
Whitman and Mattord (2014) noted that training allows users to ask questions and receive help.
These common users are also trained on how to conduct their jobs safely, such as appropriate
security practices and password management.
According to Finklea and Theohary (2015), physical security is a critical business practice with
many goals, including preventing unauthorized persons from entering a business and causing
harm, protecting intellectual property from corporate espionage, and mitigating workplace
violence, among others. Yates (2013), on the other hand, points out that numerous institutions
really haven’t assimilated security into their cultural context. The outcomes agree with Brodeur
(2017) who found that effective security strikes a balance between protection and convenience.
The results corroborate those of He, Zhang, and Wang (2015), who claimed that all workers
desire and are entitled to an environment that is both physically and emotionally secure,
allowing them to concentrate on their duties and experience fulfillment rather than being
concerned about potentially dangerous situations, harassment, or discrimination.
4.4.4 Management support to security team and business performance of Maersk
Agency Uganda Limited
The study applied a 5-point Likert scale to rate the respondents' opinions on the third
objective. The findings were found to be in agreement, as indicated by the overall mean average
of 3.95 and a standard deviation of 1.147.
| Statement | SA | A | UD | D | SD | Mean | Stddev |
|---|---|---|---|---|---|---|---|
| Budget allocation to security influences business performance at Maersk Agency Limited | 35% (29) | 31% (25) | 20% (16) | 7% (6) | 7% (6) | 3.79 | 1.214 |
| Management support in the enforcement of security measures influences business performance at Maersk Agency Limited | 37% (30) | 34% (28) | 17% (14) | 10% (8) | 2% (2) | 3.93 | 1.075 |
| There is adequate budget allocation of funds to the security team at Maersk Agency Limited | 33% (31) | 54% (58) | 12% (13) | 5% (4) | 1% (1) | 4.18 | 1.062 |
| The management at Maersk Agency Limited adequately supports the enforcement of security measures | 45% (37) | 27% (22) | 15% (12) | 5% (4) | 9% (7) | 3.95 | 1.256 |
| Average | | | | | | 3.95 | 1.147 |
Source: Primary Data (2022)
The findings in table 4.8 show that 66% of the respondents agreed that budget allocation to
security influences business performance at Maersk Agency Limited. This suggests that budget
allocation to security influences business performance at Maersk Agency Limited, which is
likely to positively affect business performance at Maersk Agency Limited.
It was established that 58 (71%) agreed that management support in the enforcement of security
measures influences business performance at Maersk Agency Limited. Key informant 5
said, “There is management support for security teams through provision of security inputs such
as staffing, equipment”.
Additionally, 59 (72%) accepted that there is adequate budget allocation of funds to the security
team at Maersk Agency Limited. Key informant 7 said that:
There is indeed, adequate funds provided for all the needs of the security teams
in this company.
This implies that there is adequate budget allocation of funds to the security team at Maersk
Agency Limited which is likely to positively affect business performance at Maersk Agency
Limited.
87% of the respondents assessed that management at Maersk Agency Limited adequately
supports the enforcement of security measures while. This is a hint that the management at
Maersk Agency Limited adequately supports the enforcement of security measures, which is
likely to positively affect business performance at Maersk Agency Limited.
Table 4.9: Correlation Results for management support to security team and business performance
Correlations
| | Management support to security teams | Business performance |
|---|---|---|
| N | 82 | 82 |
| N | 82 | 82 |
Table 4.9 displays a moderately significant positive correlation between management support
to security team and business performance of Maersk Agency Uganda Limited (r=.343** p <
0.05). This means that ensuring there is adequate budget allocation of funds to the security
team and ensuring that management adequately supports the enforcement of security measures,
other factors remaining constant, is likely to significantly improve business performance of
Maersk Agency Uganda Limited. The findings assert that there is a positive relationship
between management support to security team and business performance of Maersk Agency
Uganda Limited. The findings are supported by Al-Awadi & Renaud (2007), who observed that
management support is critical for successful information security deployment. Doherty &
Fulford (2005) added in agreement that when establishing information security in enterprises,
the money is equally significant. Organizations must have sufficient funding to introduce
good information security. Similarly, Hone & Eloff (2002) argued that information security
policy aids in the identification of the organization’s critical assets. It also assists companies in
achieving a good performance.
4.5 To establish the effect of basic security measures on business performance of Maersk
Agency Uganda Limited
This revealed the extent to which security policies, security training and awareness, and
management support to security team predicted business performance of Maersk Agency
Uganda Limited, as shown in Table 4.14 below:
Table 4.14 Regression of basic security measures and business performance
| Independent Model | Unstandardized Coefficients: B | Unstandardized Coefficients: Std. Error | Standardized Coefficients: Beta | T | Sig. |
|---|---|---|---|---|---|
| (Constant) | .122 | .322 | | .347 | .729 |
| Security policies | .338 | .155 | .179 | 2.176 | .032 |
| Security training/awareness | .342 | .119 | .247 | 2.868 | .005 |
| Management support to security team | .515 | .093 | .485 | 5.529 | .000 |
Based on the results from regression analysis, business performance of Maersk Agency
Uganda Limited is mostly influenced by management support to security team (Beta = 0.485;
Sig = 0.000), followed by security training/awareness (Beta = 0.247; Sig = 0.005) and lastly by
security policies (Beta = 0.179; Sig = 0.032). The influence from the three factors (management
support to security teams, security training/awareness and security policies) is further shown
to be statistically significant (all have significance values below 0.05) in the context of this
research. Findings from regression analysis indicate that management support to security teams
is the most influential factor towards the realization of business performance of Maersk Agency
Uganda Limited.
Findings from regression analysis also indicate that management support to security teams,
security training/awareness and security policies together influence up to 44.6% of the changes
in business performance of Maersk Agency Uganda Limited. This therefore means that the
business performance of Maersk Agency Uganda Limited is also influenced by other factors
which were not considered in this study. These other factors influence up to 55.4% of the
changes in business performance of Maersk Agency Uganda Limited.
CHAPTER FIVE
5.1 Introduction
This research established the relationship between basic security measures and business
performance of Maersk Agency Uganda Limited. This chapter presents a discussion of key
findings, draws conclusions, and forwards recommendations based on the research’s three
objectives in order to improve the institution of basic security policies that support business
performance at Maersk Agency.
5.2.1 Security policies and business performance of Maersk Agency Uganda Limited
According to the study's findings, there is a weak positive correlation between Maersk Agency
Uganda Limited's business performance and its security policies (r=.413** p < 0.05). This
study found that ensuring that there is an enterprise security policy, ensuring use of
issue-specific security policies, and use of system-specific security policies, other factors remaining
constant, is likely to improve business performance of Maersk Agency Uganda Limited.
5.2.2 Security training/ awareness and business performance of Maersk Agency Uganda
Limited
The study's findings showed a moderately significant positive correlation between Maersk
Agency Uganda Limited's business performance and its security training and awareness
(r=.510** p < 0.05). This study found that ensuring frequent exchange of security information
among staff, ensuring that Staff are always given security instructions to follow, ensuring that
security instructions are frequently updated improves business performance at Maersk Agency
Uganda Limited.
5.2.3 Management support to security team and business performance of Maersk
Agency Uganda Limited
The study's findings showed a weak significant positive correlation (r=.343** p < 0.05) between
management support for the security team and Maersk Agency Uganda Limited's business
performance. This study found that ensuring there is adequate budget allocation of funds to the
security team and ensuring that management adequately supports the enforcement of security
measures, other factors remaining constant, is likely to significantly improve business
performance of Maersk Agency Uganda Limited.
5.4 Conclusions
The effect of basic security measures on business performance of Maersk Agency Uganda
Limited.
5.4.1 Security policies & business performance of Maersk Agency Uganda Limited
There is a weak significant positive correlation between security policies and business
performance of Maersk Agency Uganda Limited. The study concludes that possession of
security policies such as enterprise-specific, issue-specific and system-specific policies is
expected to improve business performance of Maersk Agency Uganda Limited in terms of
sustainability, profitability, efficiency and effectiveness.
5.4.2 Security training/ awareness and business performance of Maersk Agency Uganda
Limited
According to the study's findings, there is a moderately strong positive correlation between
Maersk Agency Uganda Limited's business performance and security training and awareness.
Given the foregoing, it was concluded that ensuring frequent exchange of security information
among staff, ensuring that Staff are always given security instructions to follow, ensuring that
security instructions are frequently updated are essential for improving business performance
of Maersk Agency Uganda Limited.
enforcement of security measures are essential for improving business performance of Maersk
Agency Uganda Limited.
5.5 Recommendations
A number of suggestions were based primarily on the study’s findings and conclusions.
The management of Maersk Agency Uganda Limited should update the use of ISSP and use of SSSP
to improve business performance of Maersk Agency Uganda Limited.
The management of Maersk Agency Uganda Limited should improve on the flow of security
information among staff of Maersk Agency Uganda Limited.
The management of Maersk Agency Uganda Limited should make adequate budget allocation
of funds to the security team to improve business performance of Maersk Agency Uganda
Limited.
It is thus recommended that future research focus on the effect of basic security measures on
business performance of other private companies, to validate the study and see if this study's
findings can be generalized.
REFERENCES
Abadie, A., & Gardeazabal, J. (2008). Terrorism and the world economy. European Economic
Review, 52(1), 1–27.
Abawajy, J., & Kim, T. H. (2010). Performance analysis of cyber security awareness delivery
methods. In Security technology, disaster recovery and business continuity (pp. 142-148).
Springer, Berlin, Heidelberg.
Adekola, G., & Enyiche, C. C (2017). Effects of insecurity on community development projects
in Ogba/Egbema/Ndoni and Ahoada East Local Government Areas of Rivers State, Nigeria.
Journal of Education and Practice, 8 (14) 34-39.
Abdul Jail, (2010) International Business Research. Vol. 3, No. 4; October 2010, Accessed 27th
October 2022, http://www.ccsenet.org/journal/index.php/ibr/article/view/7572
Aslam, F., & Kang, H. G. (2015). How different terrorist attacks affect stock markets. Defense
and Peace Economics, 26(6), 634–648.
Arasti, Z., Zandi, F., & Bahmani, N. (2014). Business failure factors in Iranian SMEs: Do
successful and unsuccessful entrepreneurs have different viewpoints? Journal of Global
Entrepreneurship Research, 4(1), 1-14.
Bader, B., & Schuster, T. (2015). Expatriate social networks in terrorism-endangered countries:
An empirical analysis in Afghanistan, India, Pakistan, and Saudi Arabia. Journal of
International Management, 21(1), 63–77.
Brodeur, A. (2017). The effect of terrorism on employment and consumer sentiment: Evidence
from successful and failed terror. American Economic Journal: Applied Economics, 9526, 48.
Chen, A. H., & Siems, T. F. (2004). The effects of terrorism on global capital markets.
European Journal of Political Economy, 20(2), 349–366.
Chesney, M., Reshetar, G., & Karaman, M. (2011). The impact of terrorism on financial
markets: An empirical study. Journal of Banking and Finance, 35(2), 253–267.
Cram, W. A., Proudfoot, J. G., & D’Arcy, J. (2017). Organizational information security
policies: a review and research framework. European Journal of Information Systems, 26(6),
605-641.
District Management Team Report (2007). An investigation into the growth of Uganda’s fish
exports to the European Union: What did they do right and is any of it replicable across other
export sectors. Study funded by Ugandan Programme for Trade Opportunities and Policy
Drakos, K. (2010). Terrorism activity, investor sentiment, and stock returns. Review of
Financial Economics, 19(3), 128–135.
Graham, M. A., & Ramiah, V. B. (2012). Global terrorism and adaptive expectations in
financial markets: Evidence from Japanese equity market. Research in International Business
and Finance, 26, 97–119.
Chatterton, M. R., and Frenz, S. J. (1994). Closed-circuit television: its role in reducing
burglaries and the fear of crime in sheltered accommodation for the elderly. Security Journal 5
(3): 133-139.
Ditton, J. 2000. Crime and the City: Public attitudes towards open-street CCTV in Glasgow.
British Journal of Criminology 40 (4): 692-709.
Ditton, J., & Short, E. (1998). Evaluating Scotland’s first town Centre CCTV scheme. In C.
Norris, J. Moran & G. Armstrong (Eds.) Surveillance, closed circuit television and social
control, (pp. 155–173). Aldershot: Ashgate.
Elowson, C., & de Albuquerque, A. L. (2016). Challenges to Peace and Security in Eastern
Africa: The role of IGAD, EAC and EASF. Studies in African Security, 5634.
Gilley, K. & Rashid, A. (2010). Making More by Doing Less: An Analysis of Outsourcing and
its Effect on Firm Performance. Journal of Management, 26(4), 126 – 134.
Gordon, L.A. and Loeb, M.P. (2006) Managing Cybersecurity Resources a Cost-Benefit
Analysis. McGraw-Hill, Inc., New York.
He, X., Zhang, J., & Wang, J. (2015). Market seeking orientation and performance in China:
The impact of institutional environment, subsidiary ownership structure and experience.
Management International Review, 55(3), 389–419.
Honovich, J. (2008). Is Public CCTV Effective? Retrieved April 15, 2016, from
http://ipvm.com/reports/is-public-cctv-effective.
Ito, H., & Lee, D. (2005). Assessing the impact of the September 11 terrorist attacks on U.S.
airline demand. Journal of Economics and Business, 57(1), 75–95.
Jain, S. C., & Grosse, R. (2009). Impact of terrorism and security measures on global business
transactions: Some international business guidelines. Journal of Transnational
Management, 14(1), 42-73.
Kasali, M. A. (2011). Analyzing the evolution of private security guards and their limitations
to security management in Nigeria. African Journal of Criminology and Justice Studies 5 (2)
32
KAZOOBA, C. T. (2006). Causes of small business failure in Uganda: a case study from
Bushenyi and Mbarara Towns.
Lensink, R., Servin, R., & Berg, M. V. (2017). Do savings and credit institutions reduce
vulnerability? New evidence from Mexico. Review of Income and Wealth, 63(2), 335–352.
Mayhew, P., Clarke, R.V., Burrows, J.N., Hough, J.M., & Winchester, S.W.C. (1979). Crime
in public view. Home Office Research Studies series. London: Home Office.
Procasky, W. J., & Ujah, N. U. (2016). Terrorism and its impact on the cost of debt. Journal of
International Money and Finance, 60, 253–266.
Shaw, R. S., Chen, C. C., Harris, A. L., & Huang, H. J. (2009). The impact of information
richness on information security awareness training effectiveness. Computers & Education,
52(1), 92-100.
Turyahebwa, A., Sunday, A., & Ssekajugo, D. (2013). Financial management practices and
business performance of small and medium enterprises in western Uganda. African journal of
business management, 7(38), 3875-3885.
Wiley et al, (2020) The Relationship Between Information Security Awareness and Training;
p. 58. https://www.researchgate.net/publication/336562302 Accessed October 27, 2022
Zurawski, N. (2010). ‘It is all about perceptions’: Closed-circuit television, feelings of safety
and perceptions of space – What people say. Security Journal 23 (4): 259-275.
APPENDIX A: Questionnaire
Dear Respondent,
All information provided will be kept strictly confidential. Your participation in this study is
voluntary but I will be glad if you accept to participate in it.
Sincerely,
James Kateete
SECTION: A
I. Demographics:
Please fill and tick () where applicable.
1. Sex
Male
Female
2. Marital Status
Single
Married
Divorced
Widow/widower
Other (Specify)……………………
3. Age group
20-30years
31-40years
41-50years
51-60yrs
4. Highest Educational level attained
Primary
O level
A level
Diploma
Bachelor’s degree
Post graduate
Others (Specify)…………………
Section B: Effect of basic security measures on business performance of Maersk Agency
Limited
Please use the rating scale 1-5 as provided below to select an option that you consider most
appropriate. Tick (√) the most appropriate number.
1. Strongly disagree 2. Disagree 3. Not sure 4. Agree 5. Strongly agree
A Security Policies SD D U A SA
B Security awareness/training
12 Security instructions influence business performance at
Maersk Agency Limited
D Business Performance
APPENDIX B: Interview Guide for Key Informants
Instructions