Description
Research identifies employees as the weakest link in data security. Determining what characteristics make employees exhibit risky behaviors poses a challenge. With Protection Motivation Theory as our foundation, we incorporate the IT identity construct, “the extent to which a person views use of IT as integral to his or her sense of self”, to explain variations in employees’ cybersecurity behaviors. Our research questions are: (1) Does IT identity affect security behavioral intentions? (2) Does immersive cybersecurity training affect IT identity? For Question 1, we propose a survey-based study of full-time employees testing whether employees with stronger IT identity exhibit superior cybersecurity behaviors. For Question 2, we propose a field study to determine whether cybersecurity training increases participants’ IT identity. Our goal is understanding the interaction between employees’ rational protective behaviors and their incorporation of IT artifacts into their sense of self. Keywords: IT identity, Cybersecurity, Protection Motivation Theory, Insider Threats
Recommended Citation
Shi, Yao; Booth, Ruby E.; and Simon, Judith, "The Iterative Effect of IT Identity on Employee Cybersecurity Compliance Behaviors" (2017). AMCIS 2017 Proceedings. 18.
https://aisel.aisnet.org/amcis2017/InformationSystems/Presentations/18
The Iterative Effect of IT Identity on Employee Cybersecurity Compliance Behaviors
Research identifies employees as the weakest link in data security. Determining what characteristics make employees exhibit risky behaviors poses a challenge. With Protection Motivation Theory as our foundation, we incorporate the IT identity construct, “the extent to which a person views use of IT as integral to his or her sense of self”, to explain variations in employees’ cybersecurity behaviors. Our research questions are: (1) Does IT identity affect security behavioral intentions? (2) Does immersive cybersecurity training affect IT identity? For Question 1, we propose a survey-based study of full-time employees testing whether employees with stronger IT identity exhibit superior cybersecurity behaviors. For Question 2, we propose a field study to determine whether cybersecurity training increases participants’ IT identity. Our goal is understanding the interaction between employees’ rational protective behaviors and their incorporation of IT artifacts into their sense of self. Keywords: IT identity, Cybersecurity, Protection Motivation Theory, Insider Threats