Reliable Behavioural Factors in the Information Security Context

Users do often not behave securely when using information technology. Many studies have tried to identify the factors of behavioural theories which can increase secure behaviour. The goal of this work is to identify which of the factors are reliably associated with secure behaviour across multiple studies. Those factors are of interest to information security professionals since addressing them in security awareness and education campaigns can help improving security related processes of users. To attain our goal, we conducted a systematic literature review and assessed the reliability of the factors based on the effect sizes reported in the literature. Our results indicate that 11 out of the 14 factors from well established behavioural theories can be associated with reliable effects in the information security context. These factors cover very different aspects: influence of the users skills, whether the environment makes it possible to exhibit secure behaviour, the influence of friends or co-workers, and the perceived properties of the secure behaviour (e.g. response cost). Also, we identify areas, where more studies are needed to increase the confidence of the factors’ reliability assessment.