Non-Malicious Data Breach (NMDB) Behaviours Within the Australian Home Context

Information security management in the home context has become a priority for Australian organisations because of the Coronavirus (COVID-19) pandemic. There is a growing body of literature studying employees’ non-malicious security violation policy behaviour within the workplace context. However, this study is the first to investigate a novel and critical threat: employees’ non-malicious data breach (NMDB) behaviour in the home context, which is neither adequately theorised nor empirically tested. Employing a composite behaviour model (CBM) approach, this research examines different kinds of NMDB behaviour and the factors that lead to this behaviour. In this research study, an embedded sequential mixed-methods approach that included qualitative and quantitative methods was undertaken to investigate such behaviour and its influencing factors. This research study has two stages. These comprise a qualitative stage that developed and tested realistic hypothetical scenarios representing non-malicious violation behaviour with five Australian employees who work from different industries. The main method is the quantitative stage in which data are collected and analysed with respect to the relationships between behavioural factors. A survey questionnaire was administered to collect the data. Using web-based online surveys, 324 useful responses were obtained from employees working in various industries and regions across Australia. Collected data were analysed using SPSS and PLS-SEM. Construct validity and reliability tests were conducted, and the structural model was assessed to examine the research hypotheses (Chapter 7). Results indicated that the attitude towards behaviour, habit, perceived identity match, and role of responsibility positively influence NMDB behaviour. The habit factor plays a vital role in explaining this behaviour. Furthermore, personal self-sanction along with general information security awareness variables plays an essential part in discouraging such NMDB behaviour, including the perceived identity match factor. This research contributes to the body of knowledge by highlighting unexplored non-malicious security violation behaviour within the Australian home context. This, in turn, helps to highlight the threat to Australian industries, foregrounding the need to enhance their employees’ security awareness.<p></p>