The antecedents of employees' proactive information security behaviour: The perspective of proactive motivation

Abstract

Organisational information security (ISec) protection is undergoing a turbulent shift in the workplace environment. In an environment of ever-increasing risks of insider threats and external cyberattacks, individual employees are often expected to take the initiative to solve organisational security problems. This study therefore focuses on employees' proactive information security behaviours (ISBs)—behaviours that are self-initiated, change-oriented, and future-focused—and the motivations that compel employees to protect organisational assets. We ground our study in Parker et al. (2010) proactive motivation theory (ProMT) and develop an integrated multilevel model to examine the respective effects of proactive motivational states, that is, can-do, reason-to, and energised-to motivations, on employees' proactive ISBs. We also explore the roles of individual differences and contextual factors—namely, proactive personality and supervisory ISec support—and their influences on proactive motivational states. Data were collected from 210 employees situated in 55 departments distributed among multiple organisations located in China. The results show that supervisory ISec support positively influences employees' proactive motivational states and thereby boosts employees' proactive ISBs. Proactive personality negatively moderates the effect of supervisory ISec support on flexible security role orientation (reason-to motivation). By identifying the antecedents of employees' proactive ISBs, we make key theoretical contributions to ISec research and valuable practical contributions to organisational ISec management.