| 總結: | The constant increase in cyber security breaches (CSB) has raised concerns globally
mainly due to deviant behaviour of employees. Previous studies have claimed that a lack
of security technologies and capabilities have contributed to these breaches. Despite
increasing cyber security investment, organisations continue to experience security
breaches. In light of the non-excludability of cyber security as a public good, this study
seeks to examine factors that stimulate cooperation to comply with security requirements
to prevent security breaches. However, little work has examined the relationship between
non-excludability of cyber security and cooperative behaviour to achieve cyber security
compliance (CSC) in organisations. Hence, this thesis presents an in-depth analysis of
cooperation to address CSC in critical national information infrastructure (CNII) sectors
in Malaysia. Specifically, this study aims to: i) investigate factors that influence
employees' cooperative behavioural intentions (ITC) in achieving CSC; ii) analyse the
mediation effect of organisational security practices by employees' cooperative behaviour
in promoting CSC; and iii) identify the effectiveness of cyber security governance
instruments implemented at organisational, sectoral and national levels in Malaysia. A
representative sample of 155 organisations with 69.7 % from a population of 220 from
these sectors participated in this study. The important CSC factors were included:
effective security awareness (ESA), technical capability (TC), security role (SR) and
institutional role (IR) (which constitute cooperation), top management commitment
(TMC), structured security processes (SSP), security investment (SI) and organizational,
sectoral and national governance instruments sectoral and national governance
instruments. Various statistical methods including binary logistic regression, Karlson
Holm and Breen method and ordinal logistic regression were deployed to answer each research question. The findings were subsequently confirmed by face-to-face interviews.
The findings show that ESA (OR = 2.561, p = 0.04), SR for top management (OR = 3.224,
p = 0.06) and middle management (OR = 2.759, p = 0.020) and IR (OR = 1.528, p =
0.044) significantly predict ITC. Employees’ ITC can be strengthened by instilling a
sense of belongingness through ESA and internalisation of IR to behave altruistically to
achieve a common goal. The findings also show that large workforce organisations (OR
= 0.342, p = 0.026) are less likely to contribute to ITC, indicating that opportunistic
behaviour looms strongly in large groups. Furthermore, ITC contributed significantly (OR
= 0.067, p = 0.001) to employees’ cooperation in organizations. The results also show
that cooperation partially mediates the relationship between both TMC (OR = 0.222, p =
0.002) and SSP (OR = 1.555, p = 0.006) with CSC, where SSP has stronger mediation
effect (30.63 %) than TMC (16.67 %). This study also shows how inter-related tasks
embedded in security processes require cooperative and collective efforts to promote
CSC, in which security information and knowledge are transferred in a structured and
systematic manner. Finally, this thesis shows that cyber security governance instruments
implemented in organisations (OR = 2.469, p = 0.000) and at national level (OR = 4.242,
p = 0.003) are more likely to be more effective than across sectors in achieving CSC in
organisations.
|
|---|
