Employees’ Intended Information Security Behaviour in Real Estate Organisations: a Protection Motivation Perspective

Due to the amount of identifiable customer personal, financial and other information stored by real estate organisations in their information systems, the threats are real. Challenges to secure the organisational (and customer) data are compounded by the nature of the industry (e.g. the core business and employees’ qualifications are non-security-related). To investigate the factors that influence real estate employees’ intended information security behaviour, we propose a research model based on Protection Motivation Theory (PMT) where we also include previous incidents as constituting threat appraisal components. Our findings from a survey of 105 real estate business employees in Australia reveal that perceived vulnerability, perceived severity, previous incidents, and response efficacy have a positive impact on real estate employees’ information security behavioural intention whereas self-efficacy does not. Our study also determines that response cost has a negative significant effect on intended information security behaviour.