Investigating the impact of cybersecurity policy awareness on employees' cybersecurity behavior

As internet technology and mobile applications increase in volume and complexity, malicious cyber-attacks are evolving, and as a result society is facing greater security risks in cyberspace more than ever before. This study has extended the published literature on cybersecurity by theoretically defining the conceptual domains of employees' security behavior, and developed and tested operational measures to advance information security behavior research in the workplace. A conceptual framework is proposed and tested using survey results from 579 business managers and professionals. Structural equation modeling and ANOVA procedures are employed to test the proposed hypotheses. The results show that when employees are aware of their company's information security policy and procedures, they are more competent to manage cybersecurity tasks than those who are not aware of their companies' cybersecurity policies. The study also indicates that an organizational information security environment positively influences employees' threat appraisal and coping appraisal abilities, which in turn, positively contribute to their cybersecurity compliance behavior.