Investigating the impact of cyber security policy awareness on employees’ cyber security behavior

As internet technology and mobile applications increase in volume and complexity, malicious cyber-attacks are evolving, and as a result, society is facing greater security risks in cyberspace more than ever before. This study has extended the published literature on cybersecurity by theoretically defining the conceptual domains of employees’ security behavior, and developed and tested operational measures to advance information security behavior research in the workplace. A conceptual framework is proposed and tested using survey results from579 business managers and professionals. Structural equation modelling and ANOVA procedures are employed totest the proposed hypotheses. The results show that when employees are aware of their company’s informationsecurity policy and procedures, they are more competent to manage cybersecurity tasks than those who are not aware of their companies cyber security policies. The study also indicates that an organizational information security environment positively influences employees threat appraisal and coping appraisal abilities, which in turn, positively contribute to their cybersecurity compliance behavior.