Shaping intention to resist social engineering through transformational leadership, information security culture and awareness
2016 (English)In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 59, 26-44 p.Article in journal (Refereed) PublishedText
This paper empirically investigates how organizational and individual factors complement each other in shaping employees' intention to resist social engineering. The study followed a mixed methods research design, wherein qualitative data were collected to both establish the study's research model and develop a survey instrument that was distributed to 4296 organizational employees from a diverse set of organizations located in Sweden. The results showed that attitude toward resisting social engineering has the strongest direct association with intention to resist social engineering, while both self-efficacy and normative beliefs showed weak relationships with intention to resist social engineering. Furthermore, the results showed that transformational leadership was strongly associated with both perceived information security culture and information security awareness. Two mediation tests showed that attitude and normative beliefs partially mediate the effect of information security culture on employees' intention to resist social engineering. This suggests that both attitude and normative beliefs play important roles in governing the relationship between information security culture and intention to resist social engineering. A third mediation test revealed that information security culture fully explains the effect of transformational leadership on employees' attitude toward resisting social engineering. Discussion of the results and practical implications of the performed research are provided.
Place, publisher, year, edition, pages
Elsevier, 2016. Vol. 59, 26-44 p.
Transformational leadership, Information security culture, Information security awareness, Theory of planned behavior, Social engineering, Mixed methods research
Electrical Engineering, Electronic Engineering, Information Engineering
IdentifiersURN: urn:nbn:se:kth:diva-188044DOI: 10.1016/j.cose.2016.01.004ISI: 000375737400003ScopusID: 2-s2.0-84961148106OAI: oai:DiVA.org:kth-188044DiVA: diva2:936172
QC 201606132016-06-132016-06-032016-06-13Bibliographically approved