Cyber resilience in banking: investigating employee knowledge and behavioural influences
Tanvi Godbole, Rashmi Ranjan Panigrahi, Saikat GochhaitPurpose
The purpose of this research is to investigate the impact of investments in cybersecurity, compliance with cybersecurity regulations and the overall cybersecurity posture on the cyber resilience behaviour of Indian banking staff. It also examines how expertise and the sharing of policy-related knowledge among employees mediate the relationship between cybersecurity posture and cybersecurity resilience behaviour.
Design/methodology/approach
This study used partial least squares structural equation modelling to analyse data collected from 308 banking professionals across eight private-sector banks in India. The technique was used to assess the reliability and validity of the measurement model and examine the hypothesised relationships, including mediating effects, within the proposed framework.
Findings
The findings demonstrate that investment in cybersecurity and effective adherence to cybersecurity regulations are significant contributors to the behaviour of employees in banks to be cyber resilient. In addition, the role of employees in knowledge sharing and their expertise as a mediator between a bank’s cybersecurity posture and its cyber resilience behaviour has been confirmed.
Originality/value
The paper fills a major gap by offering a framework specifically formulated to evaluate the behaviour of cyber resilience among Indian banks, an area where there is a dearth of models. It goes beyond the technical orientation of the earlier studies to underscore vital human elements of human conduct, especially knowledge sharing and expertise of the employees. In the rapidly digitalising banking landscape, where cyber risks are becoming increasingly prominent, these behavioural factors need to be identified to develop a cyber-resilient culture and mitigate the effects of security breaches.