School of Business Sciences (ETDs)

Permanent URI for this communityhttps://hdl.handle.net/10539/37874

Browse

Filter results by typing the first few letters
Now showing 1 - 1 of 1
  • Thumbnail Image
    Item
    Insights derived from information security behaviour of employees in the South African banking industry
    (University of the Witwatersrand, Johannesburg, 2024) Dhladhla, Thembi; Moodley, Kebashnee
    An increase in malicious, accidental, and intentional information security incidents caused by employees necessitate further research to get insights on how to detect and prevent internal attacks (Ponemon, 2021). The South African banking industry employees either choose to comply or are non-compliant to the principles of the information security policy. It is imperative to understand what factors motivate bank employees to comply and what encourages them to be non-compliant. Additionally, the study sought to understand the impact of the information security behaviour of employees on the bank. To achieve this purpose, a quantitative method was utilised in the form of an online questionnaire which was distributed to 383 bank employees. 223 valid responses were analysed using the IBM SPSS tool. The data analysis was first done by using descriptive statistics. It was followed by conducting Cronbach’s alpha test of reliability or internal consistency of the scale items used. This informs how closely related the questions in the Likert scale is related as a group. Pearson correlation and multiple regression analysis was used to assess the interrelationship between the independent and dependent variables. The researcher coined a hybrid theoretical framework named the Composite Information Security Behaviour Framework (CISB) which consists of Protective Motivation Theory (PMT), Theory of Planned Behaviour (TPB), Deterrence Theory (DT), Reactance Theory (RT) and Techniques of Neutralisation (TN). The CISB framework was able to predict 52% of the information security behaviours of bank employees in contrast to using individual information security behaviour theories on their own to predict compliant and non-compliant security behaviour. Pearson correlation indicated that the Protective Motivation Theory (PMT) and Theory of Planned Behaviour were the information security theories that most influenced positively and significantly the compliant security behaviour of bank employees. This study contributes to the body of knowledge, it explored the information security relationship employees have with information security policies and found the influences on their chosen security behaviour be it compliance or non- compliance. The contribution is to the existing research literature on the underpinning theories which are Techniques of Neutralisation, Reactance Theory, Deterrence Theory, Theory of Planned Behaviour, and Protective Motivation Theory particularly in the South African banking industry. Subsequently, with an improved understanding of the information security behaviours, the bank can implement measures to support and assist their employees with understanding the impact of their information security behaviour and create a mutually beneficial information security ecosystem for the bank and its employees.