The Workplace Information Sensitivity Appraisal (WISA) scale

Human error in security plays a significant role in the majority of cyber-attacks on businesses. Security behaviours are impacted by numerous factors, including individual perceptions of information sensitivity. However, there is currently a lack of empirical measurement of information sensitivity and its role in determining security behaviours. This research presents a measure of information sensitivity appraisal that predicts security behaviour. We outline the design, development and validation of the Workplace Information Sensitivity Appraisal scale. The psychometric properties were assessed with data from an online sample of 326 employees in the UK. The scale comprises of five subscales: Privacy, Worth, Consequences, Low proximity interest by others and High proximity interest by others. The final 16-item WISA scale, alongside its five subscales, represents a comprehensive measure of information sensitivity appraisal in the workplace. The WISA scale has been found to have strong factorial validity, confirmed across eight information types, strong content validity, good criterion-related validity, adequate discriminant validity, and high internal reliability. This research utilised the WISA scale to explore sensitivity differences across eight information types: four concerning living individuals (Personal, Health, Financial & Lifestyle) and four organisationally-focused information types (IP, day to day, commercial & HR). Financial information was found to have the highest ratings for overall sensitivity followed by health and HR. Finally, scores for the WISA scale predicted a range of security behaviours including password usage, secure Wi-Fi usage, physical security and avoiding security risks. This demonstrates the potential role for information sensitivity appraisal as a determinant of security behaviours.