Optimism amid risk: How non-IT employees’ beliefs affect cybersecurity behavior

Document Type

Article

Publication Title

Computers and Security

Publication Date

6-1-2024

Abstract

Purpose: This study delves into the interplay between personal dispositions and cybersecurity behaviors within organizational settings. It investigates how optimism bias influences attitudes toward cybersecurity and subsequently affects cybersecurity behavior. Additionally, it examines the moderating role of information security awareness in shaping the relationship between attitude and risky cybersecurity behavior.

Design/methodology/approach: Drawing upon extensive research on coping mechanisms and attitude-behavior consistency, we develop a research model that hypothesizes the dynamics of optimism bias, attitude toward cybersecurity, risky cybersecurity behavior, and information security awareness. Survey data are collected from non-IT employees across the United States, and the model is empirically validated using structural equation modeling (SEM).

Findings: This study finds that optimism bias directly contributes to risky cybersecurity behavior and fosters a negative attitude toward cybersecurity. It also reveals that a poor attitude toward cybersecurity further reinforces risky cybersecurity behavior. Additionally, information security awareness is found to negatively moderate the relationship between the attitude toward cybersecurity and risky cybersecurity behavior.

Originality/Value: This study investigates optimism bias in the context of cybersecurity. It enhances the theoretical and empirical understanding of optimism bias in cybersecurity by revealing its influence on cybersecurity attitude and behavior in organizational settings. It also offers managerial insights into the importance of shaping non-IT employees’ cybersecurity attitudes and behavior through risk communication, cybersecurity education, and training.

Volume

141

DOI

10.1016/j.cose.2024.103812

ISSN

01674048
