Social cognitive determinants of non-malicious, counterproductive computer security behaviors ( Ccsb): An empirical analysis

This study used a cross-sectional survey to test the relationships among social cognitive variables and employees’ counterproductive computer security behaviors (CCSB). We used data collected from 201 professionals in Canadian organizations. Components from social cognitive theory (SCT) including self-efficacy, observational learning, outcome expectations (organizational and personal), self-regulation, and organizational facilitators could diminish employees’ CCSB. No prior research has examined this phenomenon using SCT. A total of 16 hypotheses were formulated and tested with the partial least squares (PLS) technique; 10 were confirmed. Notably, two SCT variables, i.e. outcome expectations (organizational) and self-regulation had direct negative effects on CCSB. The others did not have direct effects on CCSB; however, outcome expectations (personal) had indirect effect on CCSB through self-regulation. Self-efficacy indirectly impacted CCSB through outcome expectations (organizational). In addition, observational learning and outcome expectations (organizational) had indirect effects on CCSB through self-regulation. The results confirmed that organizational facilitator, i.e. training, have positive effects on self-efficacy. The data showed that intention to engage in CCSB is positively associated with indulgence in the behavior, in this instance, self-reported engagement in CCSB. The social cognitive variables in our research model explained 18% of the variance observed in the intention to engage in CCSB.