Employees' Cybersecurity Behaviour in the Mobile Context: The Role of Self-Efficacy and Psychological Ownership

Abstract

Mobile devices are widely known to be a cybersecurity risk for organisations. However, their use for work purposes is largely becoming a common practice as most organisations rather prefer to find security countermeasures than miss out on the momentous benefits they provide. Since the weakest link in cybersecurity is the human element, organisations are increasingly looking for ways to upskill their employees so that they can be able to implement the necessary security safeguards. Yet, a concerning trend is that even individuals with a high-security self-efficacy sometimes fail to take the needed security actions. To better understand why this occurs, the present study proposes and validates psychological ownership as a possible boundary condition for explaining the security self-efficacy to security behaviour nexus in the mobile security context. Using an online survey with 214 respondents, this study showed that both the direct and indirect effects of security self-efficacy on mobile device security behaviour were moderated by psychological ownership such that the effects were more pronounced when psychological ownership was high than when it was low. The paper culminates with a discussion of the implications for theory and practice.