Table 1.
Survey items.
| Construct and items | Loadings | Cronbach alpha | |
| Attitudes toward information security policy | .86 | ||
|
|
I believe it is beneficial for our organization to establish clear information security policies, practices, and technologies.a | 0.891 |
|
|
|
I believe it is useful for our organization to enforce its information security policies, practices, and technologies.a | 0.756 |
|
|
|
I believe it is a good idea for our organization to establish clear information security policies, practices, and technologies.a | 0.884 |
|
| Subjective norm | .93 | ||
|
|
People who influenced my behavior would think that I should follow the policies and procedures and use the cybersecurity technologies.a | 0.844 |
|
|
|
People whose opinions are important to me would think that I should follow the policies and procedures and use the cybersecurity technologies.a | 0.955 |
|
|
|
People whom I respect would think that I should follow the policies and procedures and use the cybersecurity technologies.a | 0.952 |
|
| Perceived behavioral control | .79 | ||
|
|
I am able to follow the cybersecurity policies and procedures and technologies (eg, antivirus, or other products).a | 0.665 |
|
|
|
I have the resources and knowledge to follow the policies and procedures and use the cybersecurity technologies.a | 0.917 |
|
|
|
I have adequate training to follow the policies and procedures and use cybersecurity technologies.a | 0.850 |
|
| Intention to comply |
|
1 | |
|
|
I intend to follow the information security policies and practices at work.c | 1 |
|
| Collective felt trust | .77 | ||
|
|
Management lets me have an impact on issues they find important.a | Dropped |
|
|
|
Management does not feel the need to keep an eye on me.a | 0.773 |
|
|
|
Management would be comfortable assigning me a critical task, even if they cannot monitor my actions.a | 0.735 |
|
|
|
Management believes that employees can be trusted.a | 0.688 |
|
| Trust in technology—reliability | .95 | ||
|
|
The cybersecurity software at my workplace (eg, antivirus and firewall) is reliable.a | 0.897 |
|
|
|
The cybersecurity software at my workplace does not fail me.a | 0.939 |
|
|
|
The cybersecurity software at my workplace provides accurate service.a | 0.893 |
|
| Trust in technology—functionality | .95 | ||
|
|
The cybersecurity software at my workplace has the functionality I need.a | 0.946 |
|
|
|
The cybersecurity software at my workplace has the features required for my tasks.a | 0.929 |
|
|
|
The cybersecurity software at my workplace has the ability to do what I want it to do.a | 0.909 |
|
| Perceived information security risk | .93 | ||
|
|
At my workplace, the risk to my computer and data from Internet security breaches isd: | 0.704 |
|
|
|
At my workplace, the likelihood that my computer will be disrupted due to Internet security breaches within the next 12 months isd: | 0.918 |
|
|
|
At my workplace, the chance that my computer will fall a victim to an Internet security breach isd: | 0.967 |
|
|
|
At my workplace, the vulnerability of my computer and data to Internet security risks isd: | 0.910 |
|
| Workload | .82 | ||
|
|
I feel that the number of requests, problems, or complaints I deal with at work is more than expected.a | Dropped |
|
|
|
I feel that the amount of work I do interferes with how well it is done.a | 0.588 |
|
|
|
I feel busy or rushed at work. (R)e | 0.916 |
|
|
|
I feel pressured at work. (R)e | 0.818 |
|
aStrongly agree, somewhat agree, neither agree nor disagree, somewhat disagree, strongly disagree.
bNot applicable.
cSingle-item measurement; strongly agree, agree, somewhat agree, neither agree nor disagree, somewhat disagree, disagree, strongly disagree.
dExtremely high, somewhat high, neither high nor low, somewhat low, or extremely low.
e(R): Reverse coded item; always, most of the time, about half the time, sometimes, never.