Title: The security environment in Indian commercial banks: an employee's information security behaviour perspective
Authors: S. Prasanna; V. Mariappan; K.A. Asraar Ahmed; V.S. Damodharan
Addresses: Department of Management Studies, B.S. Abdur Rehman Crescent Institute of Science & Technology, Tamil Nadu, 600-048, India ' Department of Banking Technology, Pondicherry University, R.V. Nagar, Kalapet, Puducherry, 605-014, India ' VIT-AP School of Business, VIT-AP University, G-30, Inavolu, Beside AP Secretariat, Amaravati, Andhra Pradesh, 522-237, India ' Abu Dhabi Vocational Education and Training Institute, Al Jazirah Institute of Science and Technology, Post Box No. 95005, Rabdan, Abu Dhabi, United Arab Emirates
Abstract: The drastic changes in technology profoundly influence organisational performance in the ICT-dominated business environment; hence, no organisation can afford to undermine technology adoption in their operations and management. However, while such technologies have benefited organisations immensely, they are not free from concerns, especially related to information security threats from outside and within the organisation, including the employees. The current study explores the information security issues emanating from employees' information security awareness, attitude, policies, and employees' information security behaviour. A structured questionnaire was administered among 420 public and private sector bank employees, and 389 responses were considered for the final analysis. Results from the structured equation modelling analysis indicate that employees' attitudes towards subjective norms and information security profoundly and positively influence their information security behaviour. Information security policy (ISP) characteristics and awareness have played an important role in shaping employees' attitudes towards ISP compliance. The findings also provide insight into factors that do not influence employees' information security behaviours (ISB) that can help the bank management improve in this area with a suitable policy framework in the future.
Keywords: information security behaviour; ISB; information security policy; ISP; information security awareness; subjective norms; cognitive evaluation theory; theory of planned behaviour.
DOI: 10.1504/IJBIR.2024.138960
International Journal of Business Innovation and Research, 2024 Vol.34 No.2, pp.277 - 298
Received: 25 Feb 2022
Accepted: 04 Aug 2022
Published online: 05 Jun 2024 *