Factors influencing the information security behaviour of IT employees

Although non-IT employees have received considerable attention in security research, IT employees have received scant attention, even though they might be very different to non-IT employees. To address this gap, we developed a model based on protection motivation theory, deterrence theory and the theory of reasoned action. We conducted a quantitative survey of IT employees to determine which factors influenced their information security behavioural intentions. Although sometimes contrary to findings regarding non-IT employees, the influential factors were: self-efficacy; and perceived impact of a potential event; with cues to action exerting a significant influence on that perceived impact. These results have significant academic and practical implications.