The impact of security awarness on information technology professionals' behavior

Protecting digital assets is a growing concern for corporations, as cyberattacks affect business performance, reputation, and compromise intellectual property. Information technology (IT) security in general and cyber security, in particular, is a fast-evolving area that requires continuous evaluation and innovation. The objective of cyber-attacks has not changed over time however there is a shift in the attack methods through the increased use of social engineering, concentrating on the human elements as the weakest link in the security posture of any system network. This research looks at the relationship between threat awareness and countermeasure awareness on IT professionals' compliance with desktop security behaviors. The model originally put forward by Hanus and Wu (2016), was tested on a population of 400 IT professionals across a broad range of IT roles and company sizes in the United States. The overall findings show that 61.2% of the variability in desktop security behavior can be explained by threat awareness and countermeasure awareness. In addition, the research found a determinant relationship between threat awareness and countermeasure awareness with the five elements of protective motivation theory (PMT), which include perceived severity, perceived vulnerability, self-efficacy, response efficacy, and response cost. Finally, the research shows that all elements of PMT, with the exception of perceived vulnerability, significantly determine desktop security behavior.