An application and empirical test of the Capability Opportunity Motivation-Behaviour model to data leakage prevention in financial organizations

It is widely agreed that technology alone cannot prevent cyber incidents. Organizations often need to rely on the cooperation of employees, for instance to report cyber incidents and to follow security policies. This research article presents a model of how the psychological constructs capability, opportunity and motivation interact to produce employee security behaviours that are assumed to help prevent data leakage incidents. To validate this model we surveyed 384 bank employees about their data leakage prevention behaviour. Results generally show that capability (i.e., knowledge) is uniquely related to data leakage prevention behaviour, and that motivation and opportunity are uniquely related to capability. Our findings suggest that although knowledge is pivotal for achieving desired behaviour, increasing motivation and opportunity may be key to influence knowledge acquiring and consequently data leakage prevention behaviour. Implications for information security practice are discussed.