Behavioral information security: Two end user survey studies of motivation and security practices

Information security is a multibillion-dollar problem faced by commercial and government organizations around the world. Through their adverse effects on organizational information systems, malware, hackers, and malicious insiders jeopardize organizations’ capabilities to pursue their missions effectively. Although technology-based solutions help to mitigate some of the many problems of information security, even the best technology cannot work successfully unless the people in organizations do the right thing. In two national survey studies (N=1167 and N=298) we explored some of the motivational antecedents surrounding the practices of information security by end users. Results revealed that organization type, job role, job satisfaction, and organizational commitment each showed relations to some key security behaviors of end users