Factors That Influence Cybersecurity Compliance Behaviours by Bank Employees: A Case of Banks Operating In Kenya
Downloads
Digitization of transactions in Banks has developed exponentially since the advent of the internet technology. This has brought about efficiency and high quality service delivery at all times. However, cyber threats also continue to grow exponentially in spite of various initiatives to counter the threats. There are numerous technology initiatives to address the issue of cyber threats but the problem still persists. There is very limited research on how to leverage on human behaviours to effectively improve Cyber security compliance behaviours in Banks. Investigating Cyber security Compliance behaviours in Banks has therefore become inevitable. The main purpose of this study was to determine the factors that influence cyber security compliance behaviours in banks operating in Kenya. This was accomplished using a model that was based on an integration of three theories: Institutional Theory, the Protection Motivational Theory (PMT) and the General Deterrence Theory (GDT). In order to empirically test the relationships between the independent and dependent variables, data were collected from 75 purposively selected bank employees in Kenya. The Research was carried out using the mixed (both quantitative and qualitative) approach and survey tools used to collect data were verified for reliability and validity before being used. Data analysis was carried out using SPSS Version 25.0, MS Excel 2013, and WarpPLS (SEM) Version 7.0. The findings of our study indicate that the direct paths from the independent variables “Normative pressure” (p = 0.026, β = 0.213), “Self-Efficacy” (p < 0.001, β = 0.440), “Punishment certainty” (p = 0.024, β = 0.217), “Age” (p = 0.013, β = 0.243), “Prior experience with computers” (p = 0.004, β = -0.284) were found to have a positive, direct and significant influence on a bank employee cyber security compliance behaviours. “Top management commitment” was found to partially mediate between self-efficacy and Cyber security compliance behaviours.
Bank management may find the results useful for future policy formulation in relation to cyber-security compliance behaviours. Researchers and scholars may also find the results useful in terms of contribution to the body of knowledge and further investigation to fill the gaps identified by the study.
Downloads
1. Arachchilage, N. A. G., & Love, S. (2014). Security awareness of computer users: A phishing threat avoidance perspective. Computers in Human Behaviours, 38, 304-312.
2. Babbie, ER (2004). The Practice of Social Research – 10th Edition Journal of
3. Asynchronous Learning Networks (JALN), 4(2) 7-41, available at http://www.sloan-c.org/publications/jaln/v4n2/pdf/v4n2_fredericksen.pdf.
4. Beniteza J., Henseler J., Castillo A., Schuberth F. How to perform and report an impactful analysis using partial least squares: Guidelines for confirmatory and explanatory IS research. Information & Management 57(2020) 103168 Available at https://doi.org/10.1016/j.im.2019.05.003 [Accessed on 23/07/2022]
5. Bohme, R., & Moore, T. (2012). Challenges in empirical security research. Technical report, Singapore Management University.
6. Boss S. R., Galletta D. F., Lowry P. B., Moody G. D., Polak P., What do systems users have to fear? Using fear appeals to engender threats and fear that motivate protective security behaviors, MIS Q. 39 (4) (2015) 837–864
7. Connelly, L. M. (2008). Pilot studies. Medsurg Nursing, 17(6), 411-412.
8. Dinesh Reddy & Glenn Dietrich. Cyber security Training and the End-User: Pathways to Compliance Journal of The Colloquium for Information System Security Education (CISSE) Edition 5, Issue 1 - October 2017
9. Fornell, C. & Larcker D. F. (1881). Evaluating structural equation models with unobservable variables and measurement error. JMR, JOURNAL OF Marketing Research, 18(1), 39-50. doi: 10.2307/3151312
10. Hayduk L., Shame for disrespecting evidence: the personal consequences of insufficient respect for structural equation model testing, BMC Med. Res. Methodol. 14 (124) (2014) 1–10.
11. Henseler, J., Ringle, C. M., & Sarstedt, M. (2015). A new criterion for assessing discriminant validity in variance-based structural equation modeling. Journal of the Academy of Marketing Science, 43(1), 115–135. https://doi.org/10.1007/s11747-014-0403-8
12. Herath T, Rao HR. Encouraging information security behaviors in organisations:Role of penalties, pressures and perceived effectiveness. Decision Support Systems. 200; p. 154-165.
13. Lynne, Pam Briggs, John Blythe and Minh. Using behavioural insights to improve the public’s use of cyber security best practices – 2014 Available at https://www.gov.uk/go-science [Accessed on 12/03/2022]
14. Saunders, M., Lewis, P. & Thornhill, A. (2012) “Research Methods for Business Students” 6th edition, Pearson Education Limited
15. Serianu (2019) Kenya Cyber security Report 2019 Nairobi, Kenya: Serianu Cyber Threat Intelligence Team. Available at: https://www.serianu.com/downloads/KenyaCyberSecurityReport2019.pdf
[Accessed on 23/9/2022]
16. Tim Chenoweth, Robert Minch & Tom Gattiker; Application of Protection Motivation Theory to Adoption of Protective Technologies proceedings of 42nd Hawaii International Conference on System Science – 2009.
17. Vijayan J., Target Breach Happened Because of a Basic Network Segmentation Error, Computerworld, Feb. 6, 2014, available online at http://www. computerworld.com/article/2487425/cybercrime-hacking/target-breachhappened-because-of-a-basic-network-segmentation-error.html
18. Xiaofeng Chen, Dazhong Wu, Liqiang Chen, Joe Teng K. L..(2018) Sanction severity and employees’ information security policy compliance: Investigating mediating, moderating, and control variables Information & Management journal Available at: www.elsevier.com/locate/im [Accessed on 12/09/2022]
Copyright (c) 2024 CPA Dr. Leonard W. Wakoli
This work is licensed under a Creative Commons Attribution 4.0 International License.
