The impact of SETA event attributes on employees’ security-related Intentions: An event system theory perspective

Abstract

Current research recommends security education, training, and awareness (SETA) programs as an effective way to counter internal security threats and promote employees’ security behaviors. Contrary to the dominant approach, which views SETA as a simple, single construct, we argue that the attributes of SETA are the key determinants of the programs’ impact on individuals. More specifically, we bridge this gap by using event system theory (EST) to conceptualize SETA programs as “organization events” and empirically test the role of SETA attributes in affecting employees’ intentions to comply with security policy (i.e., in-role behavioral intentions) and extra-role behavioral intentions. The results of this research advance the understanding of SETA attributes and their impacts on employees’ compliance intentions and extra-role behavioral intentions from the EST perspective. The results suggest that the novelty of SETA event is more effective in fueling extra-role behavioral intention than compliance intention. The results also suggest that criticality exerts a similar positive influence on both compliance and extra-role behavioral intention, while the disruption of SETA event has a significant negative effect on these two intentions. Further, there is evidence that the negative relationship between SETA event disruption and two security behavioral intentions is stronger when the SETA event is dispersed throughout a wide range of organizational hierarchy levels. The expected research and practical implications are also discussed in the paper.