Exploring role of moral disengagement and counterproductive work behaviours in information security awareness

Abstract As security breaches in organisations are on the rise, developing an understanding of factors enabling and preventing such breaches is crucial. Even though previous studies have examined organisational aspects of information security, not much focus has been placed on human factors. In the present work we examined the tendency to morally disengage (MD), information security awareness (ISA), and counterproductive work behaviours (CWB), in a sample of 718 employees who used computers on daily basis, in order to establish predictors of CWB and the behavioural outcomes of ISA. The results showed that the propensity to morally disengage plays an important role in ISA, particularly the aspect of diffusion of responsibility. Secondly, ISA knowledge and ISA attitude, as expected, were part of a mediating mechanism underlying the relationship between MD and ISA behaviours, as well as MD and CWB. This demonstrates that ISA and CWB constructs overlap to a certain degree, and thus affecting one, should have effects also on the other. Targeted interventions need to consider ways of improving ISA knowledge and attitudes, as well as employees’ sense of responsibility for the information they work with.

[1]  L. Treviño,et al.  Moral disengagement in ethical decision making: a study of antecedents and outcomes. , 2008, The Journal of applied psychology.

[2]  Herbert J. Mattord,et al.  Principles of Information Security , 2004 .

[3]  C. Lance,et al.  What Reviewers Should Expect from Authors Regarding Common Method Bias in Organizational Research , 2010 .

[4]  R. Bennett,et al.  A TYPOLOGY OF DEVIANT WORKPLACE BEHAVIORS: A MULTIDIMENSIONAL SCALING STUDY , 1995 .

[5]  Malcolm Robert Pattinson,et al.  The effect of resilience and job stress on information security awareness , 2018, Inf. Comput. Secur..

[6]  Serge Egelman,et al.  Scaling the Security Wall: Developing a Security Behavior Intentions Scale (SeBIS) , 2015, CHI.

[7]  Nader Sohrabi Safa,et al.  Human errors in the information security realm – and how to fix them , 2016 .

[8]  Charles L. Hulin,et al.  General attitudes and organizational withdrawal: An evaluation of a causal model , 1991 .

[9]  Helge Janicke,et al.  Exploring the role of work identity and work locus of control in information security awareness , 2019, Comput. Secur..

[10]  Rabih Bashroush,et al.  The impact of repeated data breach events on organisations' market value , 2016, Inf. Comput. Secur..

[11]  Ivan Flechais,et al.  Usable Security: Why Do We Need It? How Do We Get It? , 2005 .

[12]  S. Hystad,et al.  Moral disengagement as a mechanism between perceptions of organisational injustice and deviant work behaviours , 2014 .

[13]  Paul E. Spector Using self‐report questionnaires in OB research: A comment on the use of a controversial method , 1994 .

[14]  Marcus A. Butavicius,et al.  Test-retest reliability and internal consistency of the Human Aspects of Information Security Questionnaire (HAIS-Q) , 2016, ACIS.

[15]  Malcolm Robert Pattinson,et al.  Determining employee awareness using the Human Aspects of Information Security Questionnaire (HAIS-Q) , 2014, Comput. Secur..

[17]  ParsonsKathryn,et al.  The Human Aspects of Information Security Questionnaire (HAIS-Q) , 2017 .

[18]  Paul E. Spector,et al.  Counterproductive Work Behavior and Organisational Citizenship Behavior: Are They Opposite Forms of Active Behavior? , 2010 .

[19]  Lee Hadlington,et al.  The "Human Factor" In Cybersecurity: Exploring the Accidental Insider , 2018 .

[20]  I. Ajzen The theory of planned behavior , 1991 .

[21]  Paul E. Spector,et al.  The deviant citizen: Measuring potential positive relations between counterproductive work behaviour and organizational citizenship behaviour , 2012 .

[22]  L. Treviño,et al.  WHY EMPLOYEES DO BAD THINGS: MORAL DISENGAGEMENT AND UNETHICAL ORGANIZATIONAL BEHAVIOR , 2012 .

[23]  Malcolm Robert Pattinson,et al.  Individual differences and Information Security Awareness , 2017, Comput. Hum. Behav..

[24]  Likoebe M. Maruping,et al.  Team Size, Dispersion, and Social Loafing in Technology-Supported Teams: A Perspective on the Theory of Moral Disengagement , 2010, J. Manag. Inf. Syst..

[25]  Tejaswini Herath,et al.  Understanding Employee Responses to Stressful Information Security Requirements: A Coping Perspective , 2014, J. Manag. Inf. Syst..

[26]  C. Sweet,et al.  Further studies on the role of the residue 890 cysteine to tyrosine mutation in the M70 primase ORF of the temperature‐sensitive mutant (tsm5) of murine cytomegalovirus , 2016, Journal of medical virology.

[27]  A. Panter,et al.  Predicting Counterproductive Work Behavior from Guilt Proneness , 2012, Journal of Business Ethics.

[28]  E. Kevin Kelloway,et al.  Counterproductive work behavior as protest , 2010 .

[29]  Malcolm Robert Pattinson,et al.  Understanding susceptibility to phishing emails: Assessing the impact of individual differences and culture , 2017, HAISA.

[30]  Nichelle C. Carpenter,et al.  Are Counterproductive Work Behavior and Withdrawal Empirically Distinct? A Meta-Analytic Investigation , 2017 .

[31]  Mikko T. Siponen,et al.  A conceptual foundation for organizational information security awareness , 2000, Inf. Manag. Comput. Secur..

[32]  D. Wilks Attitudes towards unethical behaviours in organizational settings: an empirical study , 2011 .

[33]  Stavros P. Kiriakidis Moral Disengagement , 2008, International journal of offender therapy and comparative criminology.

[34]  Terrance Weatherbee Counterproductive use of technology at work: Information & communications technologies and cyberdeviancy , 2010 .

[35]  Kelly O. Finnerty,et al.  Cyber Security Breaches Survey 2020 , 2019 .

[36]  Paul E. Spector,et al.  The dimensionality of counterproductivity: Are all counterproductive behaviors created equal? , 2006 .

[37]  Patrick Y. K. Chau,et al.  The effects of moral disengagement and organizational ethical climate on insiders' information security policy violation behavior , 2019, Inf. Technol. People.

[38]  Rossouw von Solms,et al.  From information security to cyber security , 2013, Comput. Secur..

[39]  Malcolm Robert Pattinson,et al.  The Human Aspects of Information Security Questionnaire (HAIS-Q): Two further validation studies , 2017, Comput. Secur..

[40]  A. Bandura Social Foundations of Thought and Action: A Social Cognitive Theory , 1985 .

[41]  Sharad Borle,et al.  Estimating the Contextual Risk of Data Breach: An Empirical Approach , 2015, J. Manag. Inf. Syst..

[42]  Kathryn Parsons,et al.  Can Cyberloafing and Internet Addiction Affect Organizational Information Security? , 2017, Cyberpsychology Behav. Soc. Netw..