Search results

The purpose of this paper is to examine gender differences in predictors of technology threat avoidance motivation and behavior among working US adults. Implications were considered in regard to cybersecurity awareness training motivation and perceptions of need for protective cybersecurity behavior in the workplace.

A single-shot regression-based study used ordinal regression supported by K-means clustering to evaluate the moderating effects of gender on predictors of technology threat avoidance motivation and behavior on a sample of n = 206 US adult workers.

The regression model explained 47.5% of variance in avoidance motivation and 39% of avoidance behavior variance. Gender moderated predictive associations between several independent variables and avoidance motivation: perceived susceptibility, perceived effectiveness, perceived cost and self-efficacy. Gender also moderated the association between avoidance motivation and avoidance behavior.

The predictive impact of gender extends beyond the main effects in technology threat avoidance. Data frequency distributions and inter-variable relationships should be routinely considered in threat avoidance studies, especially if sample variables exhibit non-normal frequency distributions and nonlinear associations.

Gender was significantly associated with threat avoidance motivation and avoidance behavior and exhibited notable associations with antecedents of avoidance motivation. Related insights can inform the design and delivery of training content relating to technology threat avoidance as organizations strive to more effectively leverage information technology end-users as protective assets for the enterprise.

The uniqueness of this study derives from its focus and findings regarding the moderating effects of gender on technology threat avoidance factors and techniques used to measure and evaluate the associations between them.

The inception of mobile financial services (MFSs) has positively provoked economic growth and productivity, nonetheless, it has pessimistically caused an upward surge in cybersecurity threat. Customers are progressively becoming conscious of some of the threat and several of them now shun away from some suspicious activities over the internet as a form of protection. This study aims to explore the factors that influence users’ to adopt security behaviour.

A synthesis of theories – Self-efficacy and technology threat avoidance theories – was used to examine the security behaviour of users of MFSs. Data was gathered from 530 students in Ghana using convenience sampling technique. Data analysis was carried out using descriptive statistics, inferential statistics and structural equation model.

Outcome of the investigation indicate that both mastery experience and verbal persuasion have substantial effect on the avoidance motivation of MFSs users. It was, however, found that emotional state and vicarious experience of users do not influence their avoidance motivation. Also, it was established that avoidance motivation is a positive prognosticator of avoidance behaviour.

Understanding the security behaviour of MFS users will help the operators to outline strategies to sustain the successes achieved.

Studies on user security behaviour are rare, especially in sub Saharan Africa, thus, this study will contribute to extant literature by adding a new dimension of user security behaviour.

There is a need for behavioural research within the smartphone context to better understand users’ behaviour, as it is one of the reasons for the proliferation of mobile threats. This study aims to identify the human factors that affect smartphone users’ threat avoidance behaviour.

A structured literature review (SLR) was applied to answer the research question. A total of 27 sources were analysed, from which 16 codes emerged. After synthesis, six themes transpired.

Six factors were identified as drivers and/or challenges of smartphone users’ threat avoidance behaviour, namely, knowledge and awareness, misconceptions and trust, cost and benefit considerations, carelessness, perceived measure effectiveness and the user’s perceived skills and efficacy.

The results can encourage and provide a starting point for further research on human behaviour to improve smartphone user behaviour.

The mobile industry should focus on eradicating common misconceptions and undue trust in mobile security that is prevalent among smartphone users and make cost effective and usable interventions available. Training and awareness programs should be updated to include the factors that were identified in this study to affect smartphone users’ threat avoidance behaviour. In addition to improving users’ declarative knowledge concerning available smartphone measures and tools, procedural knowledge should also be improved to ensure proper use of available protective measures. Users should realise the importance of staying updated with evolving smartphone technology and associated threats.

This study acknowledges and supports the notion that addressing human behaviour is crucial in the fight against mobile threats. It addresses the need for behavioural research to analyse the factors that drive smartphone user behaviour. Furthermore, it uses and documents the use of a SLR, a research technique often unfamiliar among information security researchers.

Drawing on the Health Belief Model (HBM), this study aims to investigate the roles of health beliefs (i.e. perceived susceptibility, perceived severity, perceived benefits, perceived barriers, health self-efficacy and cues to action) in promoting college students’ smartphone avoidance intention.

Empirical data were collected through a cross-sectional survey questionnaire administered to 4,670 student smartphone users at a large university located in Central China. Further, a two-step Structural Equation Modeling was conducted using AMOS 22.0 software to test the hypothesized relationships in the research model.

Analytical results indicate that (1) perceived susceptibility, perceived severity, perceived benefits and health self-efficacy positively influence users’ smartphone avoidance intention; (2) perceived barriers negatively influence smartphone avoidance intention, while (3) cues to action reinforce the relationships between perceived susceptibility/perceived benefits and smartphone avoidance intention, but attenuate the relationships between perceived barriers/health self-efficacy and smartphone avoidance intention.

This study demonstrates that HBM is invaluable in explaining and promoting users’ smartphone avoidance intention, thereby extending extant literature on both HBM and smartphone avoidance.

Research on smartphone avoidance is still in a nascent stage. This study contributes to the field by offering a fresh theoretical lens for pursuing this line of inquiry together with robust empirical evidence.

Online social network (OSN) users have a high propensity to malware threats due to the trust and persuasive factors that underpin OSN models. The escalation of social engineering malware encourages a growing demand for end-user security awareness measures. The purpose of this paper is to take the theoretical cybersecurity awareness model TTAT-MIP and test its feasibility via a Facebook app, namely social network criminal (SNC).

The research employs a mixed-methods approach to evaluate the SNC app. A system usability scale measures the usability of SNC. Paired samples t-tests were administered to 40 participants to measure security awareness – before and after the intervention. Finally, 20 semi-structured interviews were deployed to obtain qualitative data about the usefulness of the App itself.

Results validate the effectiveness of OSN apps utilising a TTAT-MIP model – specifically the mass interpersonal persuasion (MIP) attributes. Using TTAT-MIP as a guidance, practitioners can develop security awareness systems that better leverage the intra-relationship model of OSNs.

The primary limitation of this study is the experimental settings. Although the results testing the TTAT-MIP Facebook app are promising, these were set under experimental conditions.

SNC enable persuasive security behaviour amongst employees and avoid potential malware threats. SNC support consistent security awareness practices by the regular identification of new threats which may inspire the creation of new security awareness videos.

The structure of OSNs is making it easier for malicious users to carry out their activities without the possibility of detection. By building a security awareness programme using the TTAT-MIP model, organisations can proactively manage security awareness.

Many security systems are cumbersome, inconsistent and non-specific. The outcome of this research provides organisations and security practitioners with a framework for designing and developing proactive and tailored security awareness systems.

This study aims to examine the effect of cybersecurity threat and efficacy upon click-through, response to a phishing attack: persuasion and protection motivation in an organizational context.

In a simulated field trial conducted in a financial institute, via PhishMe, employees were randomly sent one of five possible emails using a set persuasion strategy. Participants were then invited to complete an online survey to identify possible protective factors associated with clicking and reporting behavior (N = 2,918). The items of interest included perceived threat severity, threat susceptibility, response efficacy and personal efficacy.

The results indicate that response behaviors vary significantly across different persuasion strategies. Perceptions of threat susceptibility increased the likelihood of reporting behavior beyond clicking behavior. Threat susceptibility and organizational response efficacy were also associated with increased odds of not responding to the simulated phishing email attack.

This study again highlights human susceptibility to phishing attacks in the presence of social engineering strategies. The results suggest heightened awareness of phishing threats and responsibility to personal cybersecurity are key to ensuring secure business environments.

The authors extend existing phishing literature by investigating not only click-through behavior, but also no-response and reporting behaviors. Furthermore, the authors observed the relative effectiveness of persuasion strategies used in phishing emails as they compete to manipulate unsafe email behavior.

Computer games that teach cybersecurity concepts have been developed to help both individuals and organizations shore up their defence against cybercrimes. Evidence of the effectiveness of these games has been rather weak, however. This paper aims to guide the design and testing of more effective cybersecurity educational games by developing a theoretical framework.

A review of the literature is conducted to explore the dependent variable of this research stream, learning outcomes and its relationship with four independent variables, game characteristics, game context, learning theory and user characteristics.

The dependent variable can be measured by five learning outcomes: information, content, strategic knowledge, eagerness to learn/time spent and behavioral change. Game characteristics refer to features that contribute to a game’s usefulness, interactivity, playfulness or attractiveness. Game context pertains to factors that determine how a game is used, including the target audience, the skill involved and the story. Learning theory explains how learning takes place and can be classified as behaviorism, cognitivism, humanism, social learning or constructivism. User characteristics including gender, age, computer experience, knowledge and perception, are attributes that can impact users’ susceptibility to cybercrimes and hence learning outcomes.

The framework facilitates taking stock of past research and guiding future research. The use of the framework is illustrated in a critique of two research streams. Multiple research directions are discussed for continued research into the design and testing of next-generation cybersecurity computer games.

The purpose of this article is to understand the relationship between emotional salience and workplace events related to technology change by using a combination of key features of two popular psychological theories – regulatory focus theory and affective events theory – to view the change process in diverse settings.

This paper is based on analysis of 18 months of qualitative interview data (n=52 respondents) collected before, during and after the introduction of three different new technologies in three organizations – a hospital, a manufacturing facility, and a psychological counseling center. The mixed methods approach combined descriptive case studies and a structured coding approach derived from a synthesis of the two theories with which the transition processes at each organization were examined.

Employees with a so‐called promotion‐focused orientation were more likely to accept an IT change and the events related to it. Organizational cultures and the staging of events play a role in individuals' affective reactions and behavior. The use of the framework is promising for illuminating the role of emotions, the timing of change events, and subsequent behavior in response to organizational change.

The variety of types of organizations and job types represented, as well as the types of IT change proposed in each, provides a rich sample of diverse motivations and scenarios. Further development of the relationships between the timing of organizational events and regulatory focus is needed.

The proposed framework suggests a shift in emphasis away from beliefs and towards emotionally relevant events. The findings suggest consideration of two distinct motivational aspects of both new and old technology. A peak in emotional events related to training indicates that an organization must actively manage how the plans, strategies, and communications with regard to training affect workers' beliefs and expectations.

The paper highlights how an emphasis on emotionally relevant events and attention to the regulatory focus involved in interpretation of those events could provide the basis for new approaches to organizational interventions. Interventions should focus on facilitating situations where individuals can frame relevant transition events with a promotion focus.

Increased control has been linked with increased defensiveness, decreased internal commitment, inconsistent adoption of initiatives, and mixed reception. In New Zealand we have seen an incremental tightening of control in the appraisal (evaluation) context with progressively enhanced requirements for accountability in the post‐reform (post‐1989) period in schools. Reports on the context of this tightening of accountability, or increased control, and presents evidence to demonstrate its impact. The evidence was provided via the results of a four‐year (1996‐1999) longitudinal questionnaire study from the period prior to the introduction of the 1996 Draft National Guidelines for Performance Management in Schools (DNGPMS), through to that of prescribed performance criteria (professional standards) for teachers and managers in schools in 1998 and 1999. The results contradict the predicted negative impacts and provide evidence that by 1999 there was a developing positive impact from the tightening of accountability in appraisal. The conclusion discusses recent threats to the positive gains reported in this study.

Human factor is often cited as one of the biggest challenges for organizational information security management. The purpose of this paper is to investigate how and why employees fail to carry out required security tasks.

On the basis of coping theory, this paper develops a theoretical model to examine employee effortful security behavior (ESB). The model is tested with the data collected through a survey of computer users.

The results suggest that employee procrastination of security tasks and psychological detachment from security issues are two antecedents of ESB. Psychological detachment and procrastination are in turn influenced by perceived externalities of security risk and triage of business tasks over security issues by employees.

This paper contributes to the information systems security literature by providing a nuanced understanding of the antecedents and process of how employees cope with security task demands. It also offers some insights for practitioners in terms of the importance of designing and implementing security measures that are viewed as relevant to employees.