TY - JOUR
T1 - Investigating the impact of cybersecurity policy awareness on employees’ cybersecurity behavior
AU - Li, Ling
AU - He, Wu
AU - Xu, Li
AU - Ash, Ivan
AU - Anwar, Mohd
AU - Yuan, Xiaohong
PY - 2019/4/1
Y1 - 2019/4/1
N2 - As internet technology and mobile applications increase in volume and complexity, malicious cyber-attacks are evolving, and as a result society is facing greater security risks in cyberspace more than ever before. This study has extended the published literature on cybersecurity by theoretically defining the conceptual domains of employees’ security behavior, and developed and tested operational measures to advance information security behavior research in the workplace. A conceptual framework is proposed and tested using survey results from 579 business managers and professionals. Structural equation modeling and ANOVA procedures are employed to test the proposed hypotheses. The results show that when employees are aware of their company's information security policy and procedures, they are more competent to manage cybersecurity tasks than those who are not aware of their companies’ cybersecurity policies. The study also indicates that an organizational information security environment positively influences employees’ threat appraisal and coping appraisal abilities, which in turn, positively contribute to their cybersecurity compliance behavior.
AB - As internet technology and mobile applications increase in volume and complexity, malicious cyber-attacks are evolving, and as a result society is facing greater security risks in cyberspace more than ever before. This study has extended the published literature on cybersecurity by theoretically defining the conceptual domains of employees’ security behavior, and developed and tested operational measures to advance information security behavior research in the workplace. A conceptual framework is proposed and tested using survey results from 579 business managers and professionals. Structural equation modeling and ANOVA procedures are employed to test the proposed hypotheses. The results show that when employees are aware of their company's information security policy and procedures, they are more competent to manage cybersecurity tasks than those who are not aware of their companies’ cybersecurity policies. The study also indicates that an organizational information security environment positively influences employees’ threat appraisal and coping appraisal abilities, which in turn, positively contribute to their cybersecurity compliance behavior.
KW - Cues to action
KW - Cybersecurity policy compliance
KW - Information security
KW - Peer behavior
KW - Protection motivation theory
UR - https://www.scopus.com/inward/record.uri?partnerID=HzOxMe3b&scp=85055907674&origin=inward
UR - https://www.scopus.com/inward/citedby.uri?partnerID=HzOxMe3b&scp=85055907674&origin=inward
U2 - 10.1016/j.ijinfomgt.2018.10.017
DO - 10.1016/j.ijinfomgt.2018.10.017
M3 - Article
SN - 0268-4012
VL - 45
SP - 13
EP - 24
JO - International Journal of Information Management
JF - International Journal of Information Management
ER -