Security breaches in organizations have been on the rise in recent years. It is becoming increasingly necessary for organizations to investigate and research the causes of these flaws. A better understanding of the elements that cause security breaches can correct gaps in either knowledge, human resources and/or materials resources. Elements well-identified in previous studies, such as the tendency to morally disengage (MD), the information security awareness (ISA), and the counterproductive work behaviours (CWB), can all be the causes of faults of human nature. For example, in the United Kingdom, among the companies that reported a cybersecurity breach in the last year, 75% of those incidents were related to employee behaviour (Digital, Cultural and Media Department, 2018).
Based on the literature and previous research, researchers Hadlington & al. (2021) set out to examine how individual differences in moral disengagement (MD) relate to information security awareness (ISA). Indeed, they based their study on previous research that shed light on the relationships between an individual’s propensity to morally disengage (MD) as directly linked to the adoption of counterproductive behaviours at work. This link can lead to a decrease or even a withdrawal of participation in Information Security Awareness (ISA). The hypothesis put forward by the researchers is then that people who are less MD have higher levels of ISA. The second objective of the research is to explore the potential of the affective, cognitive facets of ISA, specifically individuals’ knowledge and attitude, to observe the relationship between MD and CWB and the relationship between MD and the more specific behavioural aspects of ISA.
To do this, 718 participants completed a questionnaire through Qualtrics Participants Panels. Participants were required to be a minimum of 18 years old, use a computer for a minimum of 20% of their working day, and work for an organization with either formal or informal rules regarding the use of technology information.
After completing several analyses, including correlation, descriptive and hierarchical regression analyses, the authors concluded that the propensity to disengage morally plays an essential role in ISA, particularly the diffusion of responsibility. They also observed that knowledge and attitude regarding ISA, as assumed in the hypothesis, were part of a conciliation mechanism underlying the relationship between MD and ISA behaviours and MD and CWB. This establishes that the ISA and CWB constructs follow one another and affect them both, having an undeniable impact on each other.
This study is relevant to cybersecurity researchers and practitioners who want to prevent security breaches in their organizations. In addition to demonstrating the relevance of focusing on human behaviours in cybersecurity, the study highlights the importance of targeted interventions to improve the knowledge and attitudes of the ISA. Also, while increasing employees’ sense of responsibility for the information they work with.
