A study on employees' perception of information security incidents through protect behaviors in Vietnamese enterprises

Abstract

The Internet has become an essential tool for businesses, playing a critical role in their operations. However, safeguarding information security is paramount for both individuals and organizations. Experts emphasize that technology alone cannot ensure a secure environment; user behavior is a crucial factor. Hackers employ various techniques to exploit the confidentiality, integrity, and availability of information for personal gain, while users, whether through negligence or intent, significantly contribute to security risks. Common causes of breaches include ignorance, carelessness, lack of awareness, and indifference. The impact of security incidents has driven organizations to adopt protective measures. Although technological solutions are vital, maintaining computer security also relies heavily on individual actions. Our research aimed to explore employees' perceptions of information security through protective behavior within businesses. To conduct our analysis, we gathered data from 250 employees across diverse industries through self-reported information and an online survey. We constructed six independent and two dependent variables, with the variable PB (Protect Behavior) serving dual roles as both a mediator and a dependent variable. The primary objective of our research was to examine employees' perceptions of information security incidents through their protective behaviors. Our findings indicate that while awareness of information security incidents exists, it is limited to only a few aspects and is not statistically significant. We also observed that inadequate protective behaviors act as a mediating factor; however, they represent a distinct dimension worthy of exploration. In summary, employees engage in protective actions concerning information security, but there remains a lack of awareness regarding actual information security incidents.