The effects of antecedents and mediating factors on cybersecurity protection behavior

Abstract

This paper identifies opportunities for potential theoretical and practical improvements in employees' awareness of cybersecurity and their motivational behavior to protect themselves and their organizations from cyberattacks using the protection motivation theory. In addition, it contributes to the literature by examining additional variables and mediators besides the core constructs of the Protection Motivation Model (PMT). This article uses empirical data and structural equation modeling to test the antecedents and mediators of employees' cybersecurity motivational behavior. The study offers theoretical and pragmatic guidance for cybersecurity programs. First, the model developed in this study can partially explain how people may change their cybersecurity protection behavior about security threats and coping actions. Secondly, the result of the study indicates that security coping factors are reliable predictors in projecting individual intention to take protective measures. Third, organizational effort in combatting cyber threats and increasing employee awareness is significantly associated with the use of cyber threat coping processes. Additionally, several practical prescriptions are suggested based on gender, generations, and types of organizations. For example, government organizations have taken well-designed cybersecurity measures and developed detailed protocols to enhance employees’ motivational behavior. Finally, future cybersecurity training materials should adapt to the unique traits of different generations, especially the Gen Edge group and digital natives for all cybersecurity subjects.