Small and medium-sized enterprises (SMEs) make up a large percentage of businesses; they employ over 50% of all employees, and account for most partnerships in supply chain networks. This makes SME employees a target for cybercriminals. This study examines the factors that influence the security behaviour intention of SME employees to better understand how SMEs can manage cybersecurity risk caused by employee security behaviour. In a survey of 294 employees, the research model developed from the theory of planned behaviour and protection motivation theory, including the habit and hardiness personality trait, is empirically validated to understand employee security behaviour intention. The results of the study show that hardiness and habit have a significant effect on employee security behaviour intention. The findings contribute to the literature on personality traits and habit in the context of information security behaviour. The study's implications for research and practice are also discussed.
- information security
- behavior intention