Costly but effective: Comparing the factors that influence employee anti-malware behaviours

A cross sectional survey examined an extended version of Protection Motivation Theory (PMT) to identify factors that influence employees' intentions to perform three anti-malware behaviours. 526 employees completed an online survey that measured an employees' threat (severity and susceptibility) and coping (self-efficacy, response efficacy and response costs) appraisal. The survey also extended PMT to include additional factors of experience, psychological ownership, organisational citizenship and security responsibility. Factors were found to have differing effects on employees' intentions to engage in anti-malware behaviours indicating the importance of targeted behavioural analyses. From PMT, coping appraisal was more predictive of security behaviours than threat appraisal. Specifically, across all behaviours, response costs were identified as a key factor that may be a barrier to behaviour whereas response efficacy was a key facilitator. Moreover, additional factors to extend PMT contributed unique variance to predicting each anti-malware behaviour. The study highlights the importance of identifying key factors prior to intervention development and demonstrates the benefit of expanding on behavioural theories to account for factors that may be important for the cybersecurity context.