Search results

Firms continue to struggle with end users who do not follow recommended actions for safeguarding information security. Thus, the authors utilize insights gained from studies on heuristic processing of risk information to design cues in fear appeal messages more effectively so as to more strongly engender fear among users, which can in turn lead them to take protective actions toward information security. Specifically, four types of fear appeal cues are identified: numeric risk communication, social distance and goal framing in verbal risk communication and visual risk communication.

Drawing from protection motivation theory, the authors hypothesize that these fear appeal cues can engender fear among users to a greater extent. In addition, the authors hypothesize that users will perceive a higher level of severity and susceptibility when they perceive a large amount of fear. The research hypotheses were tested employing data collected through a laboratory experiment. Analysis of variance (ANOVA) and regression analyses were performed to analyze the data.

The study's results suggest that numeric and visual risk communication cues in security notices can significantly increase the amount of fear felt by users. In addition, social distance was found to marginally increase the amount of fear felt by users. However, unlike our expectation, goal framing was not found to increase the amount of fear when the other three types of fear appeal cues were also given in a security notice. It was also found that induced fear can increase the severity and susceptibility of threats as perceived by users.

The study contributes to the literature on fear appeal cues designed to promote users' security protection behaviors. No prior study has designed security notices featuring the four different types of fear appeal cues and empirically tested the effectiveness of those cues in inducing fear among users. The findings suggest that the design of fear appeal cues can be improved by understanding individuals' heuristic processing of risk information, which can be subject to cognitive biases.

This paper aims to report on the information security behaviors of smartphone users in an affluent economy of the Middle East.

A model based on prior research, synthesized from a thorough literature review, is tested using survey data from 500 smartphone users representing three major mobile operating systems.

The overall level of security behaviors is low. Regression coefficients indicate that the efficacy of security measures and the cost of adopting them are the main factors influencing smartphone security behaviors. At present, smartphone users are more worried about malware and data leakage than targeted information theft.

Threats and counter-measures co-evolve over time, and our findings, which describe the state of smartphone security at the current time, will need to be updated in the future.

Measures to improve security practices of smartphone users are needed urgently. The findings indicate that such measures should be broadly effective and relatively costless for users to implement.

Personal smartphones are joining enterprise networks through the acceptance of Bring-Your-Own-Device computing. Users’ laxity about smartphone security thus puts organizations at risk.

The paper highlights the key factors influencing smartphone security and compares the situation for the three leading operating systems in the smartphone market.

Demonetization and pandemic-related restrictions in India propelled the usage of mobile payments (M-payments). The culture of online smartphone transactions is expected to rise over the coming years, even after things return to normal. This study aims to unveil the factors that escalate the satisfaction levels of M-payment users and eventually stimulate them to continue using M-payments for their daily activities.

This study evaluated the intention to continue using M-payments for 710 users utilizing structural equation modeling and augmenting the technology acceptance model (TAM) as well as the expectation confirmation model (ECM). Mediation and moderation analysis examined the proposed model's direct and indirect relationships.

The findings unveil that perceived value co-creation participation, service quality and cognitive processing magnify user satisfaction, significantly escalating M-payment continuance usage intention. Perceived value co-creation participation and user satisfaction with M-payment partially mediate the linkage among the constructs. Furthermore, perceived usefulness strengthens the link, while perceived severity of security threats weakens the linkage between user satisfaction with M-payment and continuance usage intention.

The study's findings could benefit M-payment service providers, users, policymakers and the telecom industry to strengthen India's digital payment framework.

The perceived value co-creation participation and cognitive processing domain have not garnered much attention in the M-payment literature. The study strives to comprehend these constructs by widening the purview of TAM and ECM models. It also measures the moderating role of perceived severity of security threats and perceived usefulness to unfurl potential linkages between the identified constructs.

As home users are increasingly responsible for securing their computing devices and home networks, there is a growing need to develop interventions to assist them in protecting their home networking devices, which are vulnerable to attack. To this end, this paper aims to examine the motivating factors that drive South African fibre users to protect their home networking devices.

Using the protection motivation theory as the primary framework, a measurement instrument comprising 53 questionnaire items was developed to measure 13 constructs. The study collected empirical data from a sample of 392 South African home fibre users and evaluated the research model using structural equation modelling.

The evaluation showed a good fit, with 12 out of 15 predicted hypotheses being accepted for the final research model, contributing to the understanding of the factors that motivate home users to protect their home networking devices.

To the best of the authors’ knowledge, this study is the first to model the factors that drive South African home fibre users to protect their home networking devices. Knowing these factors could help home internet service providers and security software vendors of home products to develop security interventions that could assist home fibre users to secure their home networking devices.

Modernized information systems (IS) have brought enterprises not only enormous benefits, but also linked information threats. Most enterprises solve their IS security‐related problems using technical means alone, and focus on technical rather than managerial controls, which may imply potential crises. This study examines whether the security preparation of firms matches the severity of IS threats they perceive in developing countries, especially in issues concerning “people” and “administration”. Additionally, this study discusses appropriate threat mitigation strategies for the four sectors as well.

Using an empirical study, this study explores the past and current concerns of IS threats of firms in different industries, and the countermeasures prepared by them to protect themselves from such threats. The empirical data was provided by 109 Taiwanese enterprises from four sectors.

The analytical results revealed the differences in both the IS threats concerned and the security scopes prepared among the four sectors. Moreover, the preparation scopes were not commensurate with the perceived severity of threats. All four industries rated the network as posing the strongest threat, following regulation and personnel issues, while among the countermeasures in use, these three issues have larger application deficiencies.

This study concludes that the firms do not well prepare themselves against IS threats entailed to non‐technical administration issues and discusses appropriate threat mitigation strategies for the four sectors. Specifically, firms should be aware of IS threats to their business and prepare suitable security protections.

The current advancements in technologies and the internet industry provide users with many innovative digital devices for entertainment, communication and trade. However, simultaneous development and the rising sophistication of cybercrimes bring new challenges. Micro businesses use technology like how people use it at home, but face higher cyber risks during riskier transactions, with human error playing a significant role. Moreover, information security researchers have often studied individuals’ adherence to compliance behaviour in response to cyber threats. The study aims to examine the protection motivation theory (PMT)-based model to understand individuals’ tendency to adopt secure behaviours.

The study focuses on Australian micro businesses since they are more susceptible to cyberattacks due to the least security measures in place. Out of 877 questionnaires distributed online to Australian micro business owners through survey panel provider “Dynata,” 502 (N = 502) complete responses were included. Structural equational modelling was used to analyse the relationships among the variables.

The results indicate that all constructs of the protection motivation, except threat susceptibility, successfully predict the user protective behaviours. Also, increased cybersecurity costs negatively impact users’ safe cyber practices.

The study has critical implications for understanding micro business owners’ cyber security behaviours. The study contributes to the current knowledge of cyber security in micro businesses through the lens of PMT.

The factors that motivate Generation Z individuals to use the Internet of Things for security purposes have yet to be explored. Therefore, the purpose of this paper is to close a research gap by verifying the protection motivation theory using gender as a moderator.

The authors used a purposive sampling approach to collect data from Dhaka city, in which 370 valid responses were selected. Additionally, the quantitative and cross-sectional survey used a seven-point Likert scale. Afterward, the evaluation approach included three phases: a measurement model, a structural model and multi-group analysis.

Vulnerability, self-efficacy and response-efficacy were discovered to be critical predictors with a variance of 60.4%. Moreover, there was a significant disparity between males and females in two relationships, response efficacy and intention as well as response cost and intention.

This research expands our understanding of Generation Z consumers' behavioral intentions to take measures against household threats, allowing preventative programs to be improved. Further, in the case of applying coping strategies, a practical difference between males and females has been found that must be bridged through awareness campaigns.

This study has made a unique contribution to the information system literature. First, the role of protection motivation theory factors in addressing security concerns in homes has been assessed. Second, the coping evaluation process has a greater impact on users' intentions than the threat appraisal process. However, males and females use slightly different approaches to defending themselves against the threat.

In methods and manuals, the product of an information security incident’s probability and severity is seen as a risk to manage. The purpose of the test described in this paper is to investigate if information security risk is perceived in this way, if decision-making style influences the perceived relationship between the three variables and if the level of information security expertise influences the relationship between the three variables.

Ten respondents assessed 105 potential information security incidents. Ratings of the associated risks were obtained independently from ratings of the probability and severity of the incidents. Decision-making style was measured using a scale inspired from the Cognitive Style Index; information security expertise was self-reported. Regression analysis was used to test the relationship between variables.

The ten respondents did not assess risk as the product of probability and severity, regardless of experience, expertise and decision-making style. The mean variance explained in risk ratings using an additive term is 54.0 or 38.4 per cent, depending on how risk is measured. When a multiplicative term was added, the mean variance only increased by 1.5 or 2.4 per cent. For most of the respondents, the contribution of the multiplicative term is statistically insignificant.

The inability or unwillingness to see risk as a product of probability and severity suggests that procedural support (e.g. risk matrices) has a role to play in the risk assessment processes.

This study is the first to test if information security risk is assessed as an interaction between probability and severity using suitable scales and a within-subject design.

Phishing attacks are the most common cyber threats targeted at users. Digital nudging in the form of framing and priming may reduce user susceptibility to phishing. This research focuses on two types of digital nudging, framing and priming, and examines the impact of framing and priming on users' behavior (i.e. action) in a cybersecurity setting. It draws on prospect theory, instance-based learning theory and dual-process theory to generate the research hypotheses.

A 3 × 2 experimental study was carried out to test the hypotheses. The experiment consisted of three levels for framing (i.e. no framing, negative framing and positive framing) and two levels for priming (i.e. with and without priming).

The findings suggest that priming users to information security risks reduces their risk-taking behavior, whereas positive and negative framing of information security messages regarding potential consequences of the available choices do not change users' behavior. The results also indicate that risk-averse cybersecurity behavior is associated with greater confidence with the action, greater perceived severity of cybersecurity risks, lower perceived susceptibility to cybersecurity risks resulting from the action and lower trust in the download link.

This research shows that digital nudging in the form of priming is an effective way to reduce users' exposure to cybersecurity risks.

This study aims to examine the effect of cybersecurity threat and efficacy upon click-through, response to a phishing attack: persuasion and protection motivation in an organizational context.

In a simulated field trial conducted in a financial institute, via PhishMe, employees were randomly sent one of five possible emails using a set persuasion strategy. Participants were then invited to complete an online survey to identify possible protective factors associated with clicking and reporting behavior (N = 2,918). The items of interest included perceived threat severity, threat susceptibility, response efficacy and personal efficacy.

The results indicate that response behaviors vary significantly across different persuasion strategies. Perceptions of threat susceptibility increased the likelihood of reporting behavior beyond clicking behavior. Threat susceptibility and organizational response efficacy were also associated with increased odds of not responding to the simulated phishing email attack.

This study again highlights human susceptibility to phishing attacks in the presence of social engineering strategies. The results suggest heightened awareness of phishing threats and responsibility to personal cybersecurity are key to ensuring secure business environments.

The authors extend existing phishing literature by investigating not only click-through behavior, but also no-response and reporting behaviors. Furthermore, the authors observed the relative effectiveness of persuasion strategies used in phishing emails as they compete to manipulate unsafe email behavior.