← Search

What Do Systems Users Have to Fear? Using Fear Appeals to Engender Threats and Fear that Motivate Protective Security Behaviors1

Scott R. Boss1; Dennis F. Galletta2; Paul Benjamin Lowry3; Gregory D. Moody4; Peter Polak5

1 Department of Accountancy, Bentley University, 175 Forest Street, Waltham, MA 02452 U.S.A. · 2 Katz Graduate School of Business, University of Pittsburgh, 282a Mervis Hall, Pittsburgh, PA 15260 U.S.A. · 3 College of Business, City University of Hong Kong, P7718, Academic 1, Hong Kong, China · 4 University of Nevada, Las Vegas, 329 Frank and Estella Beam Hall, 4515 S. Maryland Parkway, Mail Stop 6034, Las Vegas, NV 89154 U.S.A. · 5 Department of Decision Sciences & Information Systems, College of Business, Florida International University, 11200 S.W. 8th St., RB 250, Miami, FL 33199 U.S.A.

MIS Quarterly 2015

Because violations of information security (ISec) and privacy have become ubiquitous in both personal and work environments, academic attention to ISec and privacy has taken on paramount importance. Consequently, a key focus of ISec research has been discovering ways to motivate individuals to engage in more secure behaviors. Over time, the protection motivation theory (PMT) has become a leading theoretical foundation used in ISec research to help motivate individuals to change their security-related behaviors to protect themselves and their organizations. Our careful review of the foundation for PMT identified four opportunities for improving ISec PMT research. First, extant ISec studies do not use the full nomology of PMT constructs. Second, only one study uses fear-appeal manipulations, even though these are a core element of PMT. Third, virtually no ISec study models or measures fear. Fourth, whereas these studies have made excellent progress in predicting security intentions, none of them have addressed actual security behaviors. This article describes the theoretical foundation of these four opportunities for improvement. We tested the nomology of PMT, including manipulated fear appeals, in two different ISec contexts that model the modern theoretical treatment of PMT more closely than do extant ISec studies. The first data collection was a longitudinal study in the context of data backups. The second study was a short-term cross-sectional study in the context of anti-malware software. Our new model demonstrated better results and stronger fit than the existing models and confirms the efficacy of the four potential improvements we identified.

DOI
10.25300/misq/2015/39.4.5
Volume
39 (4)
Pages
837-864
Language
en
Export
BibTeX
Sources
crossref