Exploring Factors Influencing Self-Efficacy in Information Security an Empirical Analysis by Integrating Multiple Theoretical Perspectives in the Context of Using Protective Information Technologies

Cybersecurity threats confront the Unites States on a daily basis, making them one of the major national security challenges. One approach to meeting these challenges is to improve user cybersecurity behavior. End user security behavior hinges on end user acceptance and use of the protective information technologies such as anti-virus and anti-spyware. A key and often researched predictor of user security behavior is self-efficacy in information security. Self-efficacy in information security is also modeled as a mediator between factors affecting self-efficacy in information security and the end user cybersecurity behavior. However, it is not clearly established in past literature on whether self-efficacy in information security is better modeled as a predictor or as a mediator. It is stressed in literature that we should find new ways to improve self-efficacy in information security. However, insufficient research has focused specifically on what factors influence self-efficacy in information security. Enhancement of self-efficacy in information security will further gain significance if self-efficacy is proven to be better modeled as a mediator than a predictor variable. Accordingly, the purpose of this research is to empirically investigate what factors influence self-efficacy in information security, and to examine the relative effect of each theorized factor (including self-efficacy) in increasing information security.

Using self-efficacy theory and security education training awareness (SETA) as a theoretical lens, a research model is developed with eight factors influencing self-efficacy in information security. Using 207 survey responses from home computer users, the data was analyzed using CB-SEM technique. The results show that cybersecurity conceptual knowledge, cybersecurtiy positive experience, cybersecurity observational learning and computer anxiety significantly influenced self-efficacy in information security. Results also show that self-efficacy is better modeled as a mediator variable than a predictor variable in order to better predict cybersecurity behavior.