The antecedents of employees’ proactive information security behavior: The perspective of proactive motivation

Organizational information security (ISec) protection is undergoing a turbulent shift in the workplace environment. In an environment of ever-increasing risks of insider threats and external cyberattacks, individual employees are often expected to take the initiative to solve organizational security problems. This study therefore focuses on employees’ proactive information security behaviors (ISBs)—behaviors that are self-initiated, change-oriented, and future-focused—and the motivations that compel employees to protect organizational assets. We ground our study in Parker et al.’s (2010) proactive motivation theory (ProMT) and develop an integrated multilevel model to examine the respective effects of proactive motivational states, that is, can-do, reason-to, and energized-to motivations, on employees’ proactive ISBs. We also explore the roles of individual differences and contextual factors—namely, proactive personality and supervisory ISec support—and their influences on proactive motivational states. Data were collected from 210 employees situated in 55 departments distributed among multiple organizations located in China. The results show that supervisory ISec support positively influences employees’ proactive motivational states and thereby boosts employees’ proactive ISBs. Proactive personality negatively moderates the effect of supervisory ISec support on flexible security role orientation (reason-to motivation). By identifying the antecedents of employees’ proactive ISBs, we make key theoretical contributions to ISec research and valuable practical contributions to organizational ISec management.