Protection Motivation Theory in Information Security Behavior Research: Reconsidering the Fundamentals

Scholars commonly use protection motivation theory (PMT) by Rogers to examine information systems (IS) security behaviors and behavioral intentions. A recent influential paper by Boss, Galletta, Lowry, Moody, and Polak (2015; hereafter BGLMP) in MIS Quarterly outlines correct and incorrect uses of PMT in Information Security behavior research. In this paper, we review some of BGLMP’s key recommendations, such as the claim that all IS behavior studies that apply PMT should always use the model of the full theory, contain and measure fear, and measure actual behaviors. We defend an interpretation of Rogers (1975, 1983) that differs from the interpretation that BGLMP propose. We present evidence that Rogers’ PMT and the empirical evidence do not adequately support many of BGLMP’s suggestions and that these suggestions contradict good scientific practices (e.g., restricting the use of the method of isolation) that the philosophy of science and the original literature on PMT uphold. As a result, if reviewers and editors continue to embrace these recommendations, they could hinder the progress of IS behavior research by not allowing isolation or the combination of different theoretical components. In contrast to BGLMP’s paper, we argue that further PMT research can focus on isolated PMT components and combine them with other theories. Some of our ideas (e.g., isolation) are not PMT-specific and could be useful for IS research in general. In summary, we contest BGLMP’s recommendations and offer revised recommendations in return

Irrational Human Factors in Behavioral Information Security: Familiarity, Fear, and a Change of Mind

Behavioral information security (ISec) is an important research stream for management information systems (MIS) that relies on developments in other human sciences. In this dissertation, we investigate the psychological side of MIS by discussing the relationship between a few selected irrational human factors and persuasive information security communication. In Study 1, we explore the role of familiarity on the perception of a range of information security threats and protective behavior. This topic is important and relevant, in that any type of ISec communication can get people familiarized with the broader topic of security and threat despite of its designed intention. The results show that familiarity could yield both positive and negative effects depending on how it is operationalized in the communicative setting. Study 2 was motivated by MIS’s recent emphasis of “fear as the drive” in information security compliance, as well as the use of neuroimaging techniques to validate such fear. Along the chapter, we question the scientific understanding of fear and its measurement in behavioral ISec studies, and further argue that the inherent meaning of one general mental construct may vary to such a degree that a standardized measurement should be discouraged in MIS. Finally, in Study 3, we problematize the simple human capacity of being able to “change their mind” after making an initial decision. Based on discourses in behavioral economics and philosophy, a framework is proposed for portraying how one’s able to have a change of mind, while the relationship between behavioral predictability and the individual’s flexible use of information for decision support is emphasized. This framework explains why persuaded decision-making results may not last and how communication issuers may adapt a relaxed yet reflective implementation strategy to achieve more stable result in a longer lifecycle. This dissertation contributes to MIS and ISec communication by exploring the foundational roles of three subtle yet crucial human factors, namely, familiarity, fear, and a change of mind. The discussions and results are linked to more generalized problems in MIS’s pursuit of scientific and methodological rigor. Meanwhile, they imply great potential in embracing MIS’s research possibilities in a human-centered direction. Keywords: irrationality, behavioral information security, decision-makingTietoturvallinen (ISec) käyttäytyminen on tärkeä johdon tietojärjestelmien (MIS) tutkimusalue, joka tukeutuu muiden humanististen tieteiden kuten psykologian kehitykseen. Tässä tutkielmassa tarkastellaan MIS:n psykologista puolta käsittelemällä muutamia irrationaalisia inhimillisiä tekijöitä ja niiden suhdetta suostuttelevaan tietoturvalliseen viestintään. Tutkimuksessa 1 käsitellään tuttuuden roolia tietoturvallisuusriskien havaitsemisessa ja suojakäyttäytymisessä. Aihe on olennaisen tärkeä, sillä mikä tahansa tietoturvallisuusviestintä voi tutustuttaa ihmisiä laajemmin turvallisuuteen ja turvallisuusriskeihin. Tutkimustulokset osoittavat, että tuttuus saattaa tuottaa sekä positiivisia että negatiivisia vaikutuksia riippuen siitä, millä tavalla sitä kyseisessä viestintäympäristössä käytetään. Tutkimuksen 2 taustalla vaikutti MIS:n viimeaikainen painotus “pelosta ajavana voimana” tietoturvallisuuden noudattamisessa sekä neurokuvatekniikoiden käyttö tällaisen pelon vahvistamiseksi. Tietoturvallisen käyttäytymisen tutkimuksissa esiintyvä tieteellinen käsitys pelosta sekä sen mittaamistavoista kyseenalaistetaan. Edelleen argumentoidaan yksittäisen ajatusrakennelman luontaisen merkityksen voivan vaihdella kontekstista riippuen niin suuresti, ettei standardoituja mittaamistapoja voi suositella MIS:n tutkimuksiin. Tutkimuksessa 3 tarkastellaan kriittisesti ihmisten kykyä “muuttaa mieltä” jo tehdyn päätöksen jälkeen. Käyttäytymistalouden ja filosofian diskursseihin perustuen ehdotetaankin mielenmuutoksen kykyä kuvaavaa viitekehystä, jossa korostuu käyttäytymisen ennustettavuuden ja yksilön joustavan tiedonkäytön välinen suhde päätöksenteon tukena. Tämä viitekehys selittää, miksi suostuttelun vaikutuksesta tehdyt päätökset eivät välttämättä ole pysyviä, ja kuinka viestijät voisivat hyödyntää rennompaa mutta ajatuksia herättävää viestintästrategiaa saavuttaakseen pysyvämpiä tuloksia pidemmällä aikavälillä. Tämä tutkielma edistää tietoturvallisuuden tutkimusalaa tutkimalla hienovaraisten mutta merkittävien inhimillisten tekijöiden (tuttuus, pelko ja mielenmuutos) perustavanlaatuisia rooleja. Aiheen käsittely ja tulokset liittyvät yleisiin ongelmiin MIS:n pyrkimyksessä tieteelliseen ja metodologiseen tarkkuuteen. Toisaalta ne viittaavat MIS:n huomattavaan potentiaaliin omaksua ainutlaatuisia ihmiskeskeisiä tutkimusmahdollisuuksia. Avainsanat: irrationaalisuus, tietoturvallinen käyttäytyminen, päätöksentek

Protection Motivation Theory in Information Systems Security Research : A Review of the Past and a Road Map for the Future

Protection motivation theory (PMT) is one of the most commonly used theories to examine information security behaviors. Our systematic review of the application of PMT in information systems (IS) security and the comparison with its application for decades in psychology identified five categories of important issues that have not yet been examined in IS security research. Discussing these issues in terms of why they are relevant and important for IS security, and to what extent IS research has not considered them, offers new research opportunities associated with the study of PMT and IS security threats. We suggest how future studies can approach each of the open issues to provide a new road map for quantitative and qualitative IS scholars.peerReviewe

Investigating switching intention of e-commerce live streaming users

As a new way of shopping, e-commerce live streaming (ELS) has gained unprecedented growth and popularity in the past years, especially in China. Because of the considerable rivalry in the ELS market, users frequently switch between ELS platforms. However, the switching intention of ELS users is yet to be explored for gaining new knowledge and practical insights. This study aims to improve the understanding of ELS users' switching intentions by developing an extended Push-Pull-Mooring (PPM) model. Using structural equation modeling, the study model was examined based on 443 valid responses from an online survey questionnaire. SmartPLS 3.3.2 was used to validate the causal model, and most of the study hypotheses were supported. According to the results, push effects (dissatisfaction, privacy concern, and negativity perceived value), pull effects (attractiveness of alternatives, perceived usefulness, perceived ease of use, and knowledge-based trust), and mooring effects (switching cost, social influence, and inertia) significantly influence ELS users' switching intentions. Furthermore, we found that mooring effects had a moderating role on the link between push effects and ELS user switching intention. However, the link between pull effects and ELS user switching intention was not found. The findings should aid ELS providers in deciphering ELS users' intentions in switching to other platforms and developing relevant theories, services, and regulations. The present study expands on previous research by introducing the PPM as a general model and demonstrating its effectiveness in explaining user switching intentions.peerReviewe

Investigating the impact of virtual tourism on travel intention during the post-COVID-19 era: evidence from China

This study explores the mechanism that contributes to travel intention in the field of virtual tourism. The overall research method is based on the "Stimulus-Organism-Response" theory. In the research model, the effects of content quality, system quality, and interaction quality in virtual tourism on tourism experience and travel intention are explored, as well as the role of virtual attachment and travel intention. A total of 390 respondents were invited to participate in a virtual tourism experience, and provide feedback through a questionnaire. SmartPLS 3.3.2 was used to validate the causal model, and most of the study hypotheses were supported. The findings show that virtual tourism significantly promotes travel intention. Specifically, content quality, system quality, and interaction quality positively affect tourists' travel intention through the complementary mediations of tourism experience and virtual attachment; and system quality even directly promotes travel intention. However, tourism experience does not affect virtual attachment. The present study extends prior studies on virtual tourism with SOR as a general model for field tourism experience research, while demonstrating the effectiveness of virtual tourism in promoting tourists' travel intention. The results are useful in assisting governments with developing relevant policies and services, as well as helping tourism companies understand virtual tourism as an enhancement for tourist travel intention, thus contributing to the recovery of the tourism industry in the post-COVID-19 era.peerReviewe