Exploring the role of work identity and work locus of control in information security awareness

A growing body of research evidence has been focused on exploring aspects of individual differences in the context of human factors and adherence to organisational information security. The present study aimed to extend this research by exploring three individual variables related directly to the individual's perceived control within the workplace, their commitment to current work identity, and the extent to which they are reconsidering commitment to work. A total 1003 participants aged between 18–65 (Mean = 40.29; SD = 12.28), who were in full or part-time employment took part in the study. The results demonstrated that work locus of control acted as a significant predictor for total scores on a measure of information security awareness. Those individuals who demonstrated more externality had weaker engagement in accepted information security within the workplace. The findings from the current study are discussed in the context of potential links to counterproductive work behaviours, as well as presenting possible practical routes for intervention strategies to help mitigate poor engagement in information security awareness