Abstract
Most organisations prioritise the safeguarding of organisational information. Researchers and business stakeholders recognise the power that employees hold over confidential business information owing to the fact that the actions and behaviours of these insiders influence cybersecurity and the information that it safeguards. Previous studies have examined how external elements such as social norms and security protocols influence employees' cybersecurity behaviours (Cram et al., 2017; Burns et al., 2017). Burns et al. (2017) assert that employees' cybersecurity behaviours are closely connected to their psychological orientation towards cybersecurity. Emotions influence people’s views, mindsets, and actions (Izard, 2002), and Gulenko (2014) found that leveraging positive emotions to improve security behaviour had a more significant impact on cybersecurity behaviour than the leveraging of negative emotions. Negative emotions can harm an employee's memory, reducing their ability to learn new information and decreasing work performance (Izard, 2002). According to Beaudry and Pinsonneault (2010), negative emotions often result in aggressive behaviour, which affects IT-related decisions. Only a limited number of research has focused on how employees' emotions affect their motivation to engage in cybersecurity-protective behaviour. Therefore, this study explores how employees' emotions impact their cybersecurity protection motivation behaviour by utilising protection-motivation theory (PMT) and broaden-and-build theory (BBT). We propose that protection-motivation behaviour and self-efficacy are each negatively influenced by negative emotions and positively influenced by positive emotions. We also propose that self-efficacy has a positive effect on protection-motivation behaviour in employees and that self-efficacy mediates the relationship between negative and positive emotions and employees’ protection-motivation behaviour. Moreover, we propose that employees’ awareness of cybersecurity can positively moderate all the relationships mentioned above.
We test our hypotheses using survey data from 383 employees at King Abdulaziz University in Saudi Arabia. Our results show that negative emotions do not significantly influence employees’ self-efficacy and protection-motivation behaviour, while positive emotions significantly and positively influence employees’ self-efficacy and protection-motivation behaviour. Moreover, we found that self-efficacy positively and significantly influences employees’ protection-motivation behaviour. Regarding the mediator, our results show that self-efficacy does not significantly mediate the relationship between negative emotions and employees’ protection-motivation behaviour; in contrast, self-efficacy positively and significantly mediates the relationship between positive emotions and employees’ protection-motivation behaviour. In employees, there is a relationship between the emotions that one feels towards one’s self-efficacy and one’s protection-motivation behaviour. We found that cybersecurity awareness has a significant moderating effect on this relationship when such emotions are positive; conversely, cybersecurity awareness does not have a significant moderating effect on this relationship when such emotions are negative. Cybersecurity awareness also positively and significantly moderates the relationship between self-efficacy and protection-motivation behaviour. The study's main results and conclusions indicate that internal emotions are crucial to cybersecurity-protection behaviour. With this knowledge, organisations can enhance cybersecurity by addressing their employees' emotional requirements.
We test our hypotheses using survey data from 383 employees at King Abdulaziz University in Saudi Arabia. Our results show that negative emotions do not significantly influence employees’ self-efficacy and protection-motivation behaviour, while positive emotions significantly and positively influence employees’ self-efficacy and protection-motivation behaviour. Moreover, we found that self-efficacy positively and significantly influences employees’ protection-motivation behaviour. Regarding the mediator, our results show that self-efficacy does not significantly mediate the relationship between negative emotions and employees’ protection-motivation behaviour; in contrast, self-efficacy positively and significantly mediates the relationship between positive emotions and employees’ protection-motivation behaviour. In employees, there is a relationship between the emotions that one feels towards one’s self-efficacy and one’s protection-motivation behaviour. We found that cybersecurity awareness has a significant moderating effect on this relationship when such emotions are positive; conversely, cybersecurity awareness does not have a significant moderating effect on this relationship when such emotions are negative. Cybersecurity awareness also positively and significantly moderates the relationship between self-efficacy and protection-motivation behaviour. The study's main results and conclusions indicate that internal emotions are crucial to cybersecurity-protection behaviour. With this knowledge, organisations can enhance cybersecurity by addressing their employees' emotional requirements.
Original language | English |
---|---|
Title of host publication | The Role Of Emotions In Influencing The Employees' Cybersecurity Protection Motivation Behaviour |
Publication status | Accepted/In press - 28 Feb 2024 |
Event | The 32nd European Conference on Information Systems - Paphos, Cyprus Duration: 16 Jun 2024 → 19 Jun 2024 https://ecis2024.eu/ |
Conference
Conference | The 32nd European Conference on Information Systems |
---|---|
Abbreviated title | ECIS 2024 |
Country/Territory | Cyprus |
City | Paphos |
Period | 16/06/24 → 19/06/24 |
Internet address |
Keywords
- Cyber attacks
- Cyber crisis response
- Emotion
- User behavior