Cracking the Code

Abstract

With the expanding reach of the Internet of Things, information security threats are increasing, including from the very professionals tasked with defending against these threats. This study identified factors impacting information security behavior among these individuals. Protection motivation theory and the theory of planned behavior were employed along with work-related organizational factors as a theoretical framework. Data were collected through a survey of 595 information security professionals working in Saudi information technology companies. Structural equational modeling was used to analyze the data. Threat susceptibility, threat severity, self-efficacy, response cost, fear attitude, behavioral control, subjective norms, and organizational commitment were found to play a significant role in information security protection motivation and behavior, while job satisfaction did not.