Abstract
Digitization of transactions in banks has grown exponentially since the advent of internet technology. This has brought about efficiency and high-quality service delivery at all times. However, cyber threats also continue to grow exponentially in spite of various initiatives to counter them. There are numerous technology initiatives to address cyber threats, but the problem persists. There is very limited research on how to leverage human behaviours to effectively improve cyber security compliance behaviours in banks. Investigating cyber security compliance behaviours in banks has therefore become inevitable. The main purpose of this study was to determine the factors that influence cyber security compliance behaviours in banks operating in Kenya. This was accomplished using a model based on an integration of three theories: Institutional Theory, the Protection Motivational Theory (PMT) and the General Deterrence Theory (GDT). To empirically test the relationships between the independent and dependent variables, data were collected from 75 purposively selected bank employees in Kenya. The research was carried out using a mixed (both quantitative and qualitative) approach, and the survey tools used to collect data were verified for reliability and validity before being used. Data analysis was carried out using SPSS Version 25.0, MS Excel 2013, and WarpPLS (SEM) Version 7.0. The findings of our study indicate that the direct paths from the independent variables “Normative pressure” (p = 0.026, β = 0.213), “Self-Efficacy” (p < 0.001, β = 0.440), “Punishment certainty” (p = 0.024, β = 0.217), “Age” (p = 0.013, β = 0.243) and “Prior experience with computers” (p = 0.004, β = -0.284) were found to have a positive, direct and significant influence on a bank employee’s cyber security compliance behaviours. “Top management commitment” was found to partially mediate between self-efficacy and cyber security compliance behaviours.
Bank management may find the results useful for future policy formulation in relation to cyber-security compliance behaviours. Researchers and scholars may also find the results useful in terms of contribution to the body of knowledge and further investigation to fill the gaps identified by the study.