Accessing the determinants of millennials’ online protective behaviour: how their protection motivation translates into actual use behaviour

This research focuses on assessing the determinants of Millennials Protection Motivation (or Security Intentions) on their actual Use Behaviour when navigating online in terms of the protective measures they adopt. For this purpose, the proposed model integrates variables from two widely accepted behavioural theories, the Protection Motivation Theory and the Reasoned Action Approach. Hence, an online survey was conducted, relying on 236 responses, which were analysed through hierarchical multiple regression. Results show a gap between Security Intentions and Use Behaviour and indicate Safety Habit Strength and Actual Control as significant at predicting Use Behaviour. Differently to published literature, this research analyses not only behavioural intention, but also the user’s actual Use Behaviour

The effect of countermeasure readability on security intentions

Horizon 2020(H2020)883588Computer Systems, Imagery and Medi

Do SETA Interventions Change Security Behavior? – A Literature Review

Information security education, training, and awareness (SETA) are approaches to changing end-users’ security behavior. Research into SETA has conducted interventions to study the effects of SETA on security behavior. However, we lack aggregated knowledge on ‘how do SETA interventions influence security behavior?’. This study reviews 21 empirical SETA intervention studies published across the top IS journals. The theoretical findings show that the research has extended Protection Motivation Theory by (1) enhancements to fear appeals; (2) drawing attention to relevance; (3) incorporating temporality; (4) and shifting from intentions to behavior. In terms of behavior, the SETA interventions have targeted (1) information security policy compliance behavior; and (2) information protection behavior. We argue that while these studies have provided insights into security intentions and behavior, knowledge on designing effective SETA training has remained primarily anecdotal. We contribute (1) by pointing out gaps in the knowledge; and (2) by proposing tentative design recommendations

Investigating the Influence of Perceived Uncertainty on Protection Motivation: An Experimental Study

IS users and organizations must take necessary measures to adequately cope with security threats. Considering the importance and prevalence of these issues and challenges, IS security research has extensively investigated a variety of factors that influence IS users’ security intentions/behaviors. In this regard, protection-motivated behaviors are primarily based on individuals’ personal cognitive evaluations and vigilance. In reality, however, many users reach security hygiene decisions through various non-rational and non-protection-motivated processes. Such users may not necessarily rely on their own cognitive appraisals and information processing, but proceed to make decisions without careful cognitive assessments of security threats and coping responses. One promising lens for assessing these behaviors that may not be informed by rational and personal assessments of threats and responses is Herd Theory, which describes the phenomenon in which individual decisions are often influenced by other users’ decisions about their behaviors. Drawing on this theory, this study seeks to answer the following research questions by using an experimental design:. In uncertain circumstances, are individuals more likely to cope with security threats by following the herd

Mitigating the Security Intention-Behavior Gap: The Moderating Role of Required Effort on the Intention-Behavior Relationship

Although users often express strong positive intentions to follow security policies, these positive intentions fail to consistently translate to behavior. In a security setting, the inconsistency between intentions and behavior—termed the intention-behavior gap—is particularly troublesome, as a single failure to enact positive security intentions may make a system vulnerable. We address a need in security compliance literature to better understand the intention-behavior gap by explaining how an omnipresent competing intention—the user’s desire to minimize required effort—negatively moderates the relationship between positive intentions and actual security behavior. Moreover, we posit that this moderating effect is not accounted for in extant theories used to explain behavioral information security, introducing an opportunity to broadly impact information security research to more consistently predict behavior. In three experiments, we found that high levels of required effort negatively moderated users’ intentions to follow security policies. Controlling for this moderating effect substantially increased the explained variance in security policy compliance. The results suggest that security researchers should be cognizant of the existence of competing intentions, such as the desire to minimize required effort, which may moderate the security intention-behavior relationship. Otherwise, such competing intentions may cause unexpected inconsistencies between users’ intentions to behave securely and their actual security behavior

Gender Differences in Information Security Perceptions and Behaviour

Information security is of universal concern to computer users from all walks of life. Though gender differences in technology adoption are well researched, scant attention has been devoted to the study of gender differences in information security. We address this research gap by investigating how information security perceptions and behaviours vary between genders in a study involving 624 home users. The results reveal that females exhibit significantly lower overall levels of security behaviour than males. Furthermore, individual perceptions and behaviours in many cases also vary by gender. Our work provides evidence that gender effects should be considered when formulating information security education, training, and awareness initiatives. It also provides a foundation for future work to explore information security gender differences more deeply

The Influence of Cognitive Factors and Personality Traits on Mobile Device User\u27s Information Security Behavior

As individuals have become more dependent on mobile devices to communicate, to seek information, and to conduct business, their susceptibility to various threats to information security has also increased. Research has consistently shown that a user’s intention is a significant antecedent of information security behavior. Although research on user’s intention has expanded in the last few years, not enough is known about how cognitive factors and personality traits impact the adoption and use of mobile device security technologies. The purpose of this research was to empirically investigate the influence of cognitive factors and personality traits on mobile device user’s intention in regard to mobile device security technologies. A conceptual model was developed by combining constructs from both the Protection Motivation Theory (PMT) and the Big Five Factor Personality Traits. The data was collected using a web-based survey according to specific inclusion and exclusion criteria. Respondents were limited to adults 18 years or older who have been using their mobile devices to access the internet for at least one year. The Partial Least Square Structural Equation Modeling (PLS-SEM) was used to analyze the data gathered from a total of 356 responses received. The findings of this study show that perceived threat severity, perceived threat susceptibility, perceived response costs, response efficacy, and mobile self-efficacy have a significant positive effect on user’s intention. In particular, mobile self-efficacy had the strongest effect on the intention to use mobile device security technologies. Most of the personality traits factors were not found significant, except for conscientiousness. The user’s intention to use mobile device security technologies was found to have a significant effect on the actual usage of mobile device security technologies. Hence, the results support the suitability of the PMT and personality factors in the mobile device security technologies context. This study has contributed to information security research by providing empirical results on factors that influence the use of mobile device security technologies

An Empirical Study of Home User Intentions towards Computer Security

Home computer users are solely responsible for implementing security measures on their devices. Although most computers have security software installed, the potential remains for security breaches, which makes it important for home users to take additional steps, such as not sharing one’s password and using strong passwords, to secure their devices further. Drawing on protection motivation theory and findings from prior research, this study evaluates factors that influence individuals to implement additional security measures to protect their home computers. Using SmartPLS and responses from 72 home computer users, the results show that response efficacy, self-efficacy and subjective norms were significant in encouraging persons to implement additional security measures. Maladaptive rewards on the other hand acted as a significant detractor, while neither perceived vulnerability nor perceived severity was significant in relation to willingness to implement additional security measures