Search results

Protection motivation theory (PMT) explains that the intention to cope with information security risks is based on informed threat and coping appraisals. However, people cannot always make appropriate assessments due to possible ignorance and cognitive biases. This study proposes a research model that introduces four antecedent factors from ignorance and bias perspectives into the PMT model and empirically tests this model with data from a survey of electronic waste (e-waste) handling.

The data collected from 356 Chinese samples are analyzed via structural equation modeling (SEM).

The results revealed that for threat appraisal, optimistic bias leads to a lower perception of risks. However, factual ignorance (lack of knowledge of risks) does not significantly affect the perceived threat. For coping appraisal, practical ignorance (lack of knowledge of coping with risks) leads to low response efficacy and self-efficacy and high perceptions of coping cost, but the illusion of control overestimates response efficacy and self-efficacy.

First, this study addresses a new type of information security problem in e-waste handling. Second, this study extends the PMT model by exploring the roles of ignorance and bias as antecedents. Finally, the authors reinvestigate the basic constructs of PMT to identify how rational threat and coping assessments affect user intentions to cope with data security risks.

Research on online user privacy shows that empirical evidence on how privacy literacy relates to users' information privacy empowerment is missing. To fill this gap, this paper investigated the respective influence of two primary dimensions of online privacy literacy – namely declarative and procedural knowledge – on online users' information privacy empowerment.

An empirical analysis is conducted using a dataset collected in Europe. This survey was conducted in 2019 among 27,524 representative respondents of the European population.

The main results show that users' procedural knowledge is positively linked to users' privacy empowerment. The relationship between users' declarative knowledge and users' privacy empowerment is partially supported. While greater awareness about firms and organizations practices in terms of data collections and further uses conditions was found to be significantly associated with increased users' privacy empowerment, unpredictably, results revealed that the awareness about the GDPR and user’s privacy empowerment are negatively associated. The empirical findings reveal also that greater online privacy literacy is associated with heightened users' information privacy empowerment.

While few advanced studies made systematic efforts to measure changes occurred on websites since the GDPR enforcement, it remains unclear, however, how individuals perceive, understand and apply the GDPR rights/guarantees and their likelihood to strengthen users' information privacy control. Therefore, this paper contributes empirically to understanding how online users' privacy literacy shaped by both users' declarative and procedural knowledge is likely to affect users' information privacy empowerment. The study empirically investigates the effectiveness of the GDPR in raising users' information privacy empowerment from user-based perspective. Results stress the importance of greater transparency of data tracking and processing decisions made by online businesses and services to strengthen users' control over information privacy. Study findings also put emphasis on the crucial need for more educational efforts to raise users' awareness about the GDPR rights/guarantees related to data protection. Empirical findings also show that users who are more likely to adopt self-protective approaches to reinforce personal data privacy are more likely to perceive greater control over personal data. A broad implication of this finding for practitioners and E-businesses stresses the need for empowering users with adequate privacy protection tools to ensure more confidential transactions.

The purpose of this paper is to offer some reflection on the abuse of consumer trust and the importance of control of information in the digital market and the green market. The role of the consumer as the arbiter of the market is fundamental. The abuse of consumer confidence depends, in fact, on the spread of stereotyped messages and vague and generic formulas aimed at hiding a dangerous vacuum of protection. In both markets, it is a question of giving the consumer the necessary tools to monitor the transparency of the criteria used by the trader to classify a product according to its characteristics.

Based on the analysis of an Italian case law and the European programme, the author shows how in Italy there is a dangerous lack of consumer protection. The problem is that the green consumer, as well as the online consumer, is not able to immediately verify the accuracy of the product requirements and must be able to count on the seriousness of the professional. For this reason, the European and national authorities have provided specific rules for both markets. The new proposal of directive introduces specific rules to target unfair commercial practices that mislead consumers away from sustainable consumption choices and introduced many innovations, such as the ban on greenwashing.

This work aims to identify the tools necessary to make the information on the products offered in the digital market and those related to green products more reliable but above all to create a common methodology on which to base them. High is the risk that sustainability will become a simple marketing strategy for companies. The difficulty consists in the absence of certain and verifiable parameters by the consumer to really measure the characteristics and the quality of a product characteristic of a product compared to competing ones.

This work examines the problem of consumer protection in the digital and green market from a new perspective, comparing the information asymmetries with respect to the professionals in the two markets. Starting from the cases of greenwashing and analysing new European remedies, the author suggests for both markets, specific answers different from those required for advertising in general. The problem here is not only the truth of the message but also the vagueness and genericity. The consumer must be in a position to control the criteria used by the professional to classify products, both in the green and the digital market. To the best of the author’s knowledge, this paper is the original work of the author and has not been submitted elsewhere for publication.

This paper aims to develop a framework for critical information infrastructure (CII) protection in smart government, an alternative measure for common cybersecurity frameworks such as NIST Cybersecurity Framework and ISO 27001. Smart government is defined as the government administration sector of CII due to its similarity as a core of smart technology.

To ensure the validity of the data, the research methodology used in this paper follows the predicting malfunctions in socio-technical systems (PreMiSTS) approach, a variation of the socio-technical system (STS) approach specifically designed to predict potential issues in the STS. In this study, PreMiSTS was enriched with observation and systematic literature review as its main data collection method, thematic analysis and validation by experts using fuzzy Delphi method (FDM).

The proposed CII protection framework comprises several dimensions: objectives, interdependency, functions, risk management, resources and governance. For all those dimensions, there are 20 elements and 41 variables.

This framework can be an alternative guideline for CII protection in smart government, particularly in government administration services.

The author uses PreMiSTS, a socio-technical approach combined with thematic analysis and FDM, to design a security framework for CII protection. This combination was designed as a mixed-method approach to improve the likelihood of success in an IT project.

This study aims to investigate the impact of employees’ engagement in government social media (GSM) on their cybersecurity compliance attitude, protection motivation and protective behavior, thereby contributing to effective cybersecurity practices at organizations.

A quantitative cross-sectional field survey was conducted to collect primary data in big cities and large provinces in Vietnam. The final data set of 323 responses was analyzed using the partial least squares-structural equation modeling approach to interpret the results and test research hypotheses.

Engagement in GSM positively influences employees’ cybersecurity compliance attitude (ATT). Perceived threat vulnerability and response efficacy also contribute to a positive compliance attitude, although self-efficacy has a negative impact. Moreover, the cybersecurity compliance ATT significantly explains the information protection motivation, which in turn influences employee protective behaviors. However, the relationship between compliance attitude and protective behaviors is weak, unlike previous studies that found a strong correlation.

Although recent studies have explored specific information security practices in corporate and home contexts, the influence of GSM on individuals’ cybersecurity behaviors has received limited attention because of its novelty. This study contributes to the existing body of knowledge by investigating the impact of GSM on cybersecurity behaviors. This study provides significant contributions to understanding social media’s effects of social media on individuals’ cultivation processes, by expanding upon the protective motivation theory and cultivation theory. The results lead to practical suggestions for organizational managers and policymakers so that they can enhance their understanding of the importance of cybersecurity, encourage the implementation of self-defense strategies and highlight the significance of threat and coping evaluations in influencing attitudes and motivations.

The current advancements in technologies and the internet industry provide users with many innovative digital devices for entertainment, communication and trade. However, simultaneous development and the rising sophistication of cybercrimes bring new challenges. Micro businesses use technology like how people use it at home, but face higher cyber risks during riskier transactions, with human error playing a significant role. Moreover, information security researchers have often studied individuals’ adherence to compliance behaviour in response to cyber threats. The study aims to examine the protection motivation theory (PMT)-based model to understand individuals’ tendency to adopt secure behaviours.

The study focuses on Australian micro businesses since they are more susceptible to cyberattacks due to the least security measures in place. Out of 877 questionnaires distributed online to Australian micro business owners through survey panel provider “Dynata,” 502 (N = 502) complete responses were included. Structural equational modelling was used to analyse the relationships among the variables.

The results indicate that all constructs of the protection motivation, except threat susceptibility, successfully predict the user protective behaviours. Also, increased cybersecurity costs negatively impact users’ safe cyber practices.

The study has critical implications for understanding micro business owners’ cyber security behaviours. The study contributes to the current knowledge of cyber security in micro businesses through the lens of PMT.

Search engines, the most popular online services, are associated with several concerns. Users are concerned about the unauthorized processing of their personal data, as well as about search engines keeping track of their search preferences. Various search engines have been introduced to address these concerns, claiming that they protect users’ privacy. The authors call these search engines privacy-preserving search engines (PPSEs). This paper aims to investigate the factors that motivate search engine users to use PPSEs.

This study adopted protection motivation theory (PMT) and associated its constructs with subjective norms to build a comprehensive research model. The authors tested the research model using survey data from 830 search engine users worldwide.

The results confirm the interpretive power of PMT in privacy-related decision-making and show that users are more inclined to take protective measures when they consider that data abuse is a more severe risk and that they are more vulnerable to data abuse. Furthermore, the results highlight the importance of subjective norms in predicting and determining PPSE use. Because subjective norms refer to perceived social influences from important others to engage or refrain from protective behavior, the authors reveal that the recommendation from people that users consider important motivates them to take protective measures and use PPSE.

Despite its interesting results, this research also has some limitations. First, because the survey was conducted online, the study environment was less controlled. Participants may have been disrupted or affected, for example, by the presence of others or background noise during the session. Second, some of the survey items could possibly be misinterpreted by the respondents in the study questionnaire, as they did not have access to clarifications that a researcher could possibly provide. Third, another limitation refers to the use of the Amazon Turk tool. According Paolacci and Chandler (2014) in comparison to the US population, the MTurk workers are more educated, younger and less religiously and politically diverse. Fourth, another limitation of this study could be that Actual Use of PPSE is self-reported by the participants. This could cause bias because it is argued that internet users’ statements may be in contrast with their actions in real life or in an experimental scenario (Berendt et al., 2005, Jensen et al., 2005); Moreover, some limitations of this study emerge from the use of PMT as the background theory of the study. PMT identifies the main factors that affect protection motivation, but other environmental and cognitive factors can also have a significant role in determining the way an individual’s attitude is formed. As Rogers (1975) argued, PMT as proposed does not attempt to specify all of the possible factors in a fear appeal that may affect persuasion, but rather a systematic exposition of a limited set of components and cognitive mediational processes that may account for a significant portion of the variance in acceptance by users. In addition, as Tanner et al. (1991) argue, the ‘PMT’s assumption that the subjects have not already developed a coping mechanism is one of its limitations. Finally, another limitation is that the sample does not include users from China, which is the second most populated country. Unfortunately, DuckDuckGo has been blocked in China, so it has not been feasible to include users from China in this study.

The proposed model and, specifically, the subjective norms construct proved to be successful in predicting PPSE use. This study demonstrates the need for PPSE to exhibit and advertise the technology and measures they use to protect users’ privacy. This will contribute to the effort to persuade internet users to use these tools.

This study sought to explore the privacy attitudes of search engine users using PMT and its constructs’ association with subjective norms. It used the PMT to elucidate users’ perceptions that motivate them to privacy adoption behavior, as well as how these perceptions influence the type of search engine they use. This research is a first step toward gaining a better understanding of the processes that drive people’s motivation to, or not to, protect their privacy online by means of using PPSE. At the same time, this study contributes to search engine vendors by revealing that users’ need to be persuaded not only about their policy toward privacy but also by considering and implementing new strategies of diffusion that could enhance the use of the PPSE.

This research is a first step toward gaining a better understanding of the processes that drive people’s motivation to, or not to, protect their privacy online by means of using PPSEs.

In the current scenario, cybersecurity issues have emerged to be a major challenge for firms to deal with. The increased use of technologies has increased radically the volume and typology of information produced, exchanged, and managed by firms thus creating conditions for cybersecurity incidents or information breaches. In this situation, it becomes paramount for firms to recognize cybersecurity risks and be prepared to prevent them through the implementation of approaches and technologies able to ensure a high level of protection.

In this chapter, we provide a framework for analyzing and managing cybersecurity risks. We employed a case study strategy to understand how the risk analysis process is carried out within an Information Security company. The study and observations obtained from this case study have permitted to define a framework useful for SME to deal with cybersecurity issues.

A research line has emerged that is concerned with investigating human factors in information systems and cyber-security in organizations using various behavioural and socio-cognitive theories. This study aims to explore human and contextual factors influencing cyber security behaviour in organizations while drawing implications for cyber-security in higher education institutions.

A systematic literature review has been implemented. The reviewed studies have revealed various human and contextual factors that influence cyber-security behaviour in organizations, notably higher education institutions.

This review study offers practical implications for constructing and keeping a robust cyber-security organizational culture in higher education institutions for the sustainable development goals of cyber-security training and education.

The value of the current review arises in that it presents a comprehensive account of human factors affecting cyber-security in organizations, a topic that is rarely investigated in previous related literature. Furthermore, the current review sheds light on cyber-security in higher education from the weakest link perspective. Simultaneously, the study contributes to relevant literature by gaining insight into human factors and socio-technological controls related to cyber-security in higher education institutions.

Data represents a critical resource that enables construction companies’ success; thus, its management is very important. The purpose of this study is to assess the benefits of construction data risks management (DRM) in the construction industry (CI).

This study adopted a quantitative method and collected data from various South African construction professionals with the aid of an e-questionnaire. These professionals involve electrical engineers, quantity surveyors, architects and mechanical, as well as civil engineers involved under a firm, or organisation within the province of Gauteng, South Africa. Standard deviation, mean item score, non-parametric Kruskal–Wallis H test and exploratory factor analysis were used to analyse the retrieved data.

The findings revealed that DRM enhances project and company data availability, promotes confidentiality and enhances integrity, which are the primary benefits of DRM that enable the success of project delivery.

The research was carried out only in the province of Gauteng due to COVID-19 travel limitations.

The construction companies will have their data permanently in their possession and no interruption will be seen due to data unavailability, which, in turn, will allow long-term and overall pleasant project outcomes.

This study seeks to address the benefits of DRM in the CI to give additional knowledge on risk management within the built environment to promote success in every project.