What Do Systems Users Have to Fear? Using Fear Appeals to Engender Threats and Fear that Motivate Protective Security Behaviors

MIS Quarterly (MISQ), vol. 39 (4), pp. 837–864

71 Pages. Posted: 18 May 2015. Last revised: 27 Nov 2017

Scott Boss

Bentley University

Dennis Galletta

University of Pittsburgh and Director, Katz Doctoral Program

Paul Benjamin Lowry

Virginia Tech - Pamplin College of Business

Gregory D Moody

University of Nevada, Las Vegas - College of Business

Peter Polak

Florida International University (FIU)

Date Written: December 1, 2015

Abstract

Because violations of information security (ISec) and privacy have become ubiquitous in both personal and work environments, academic attention to ISec and privacy has taken on paramount importance. Consequently, a key focus of ISec research has been discovering ways to motivate individuals to engage in more secure behaviors. Over time, the protection motivation theory (PMT) has become a leading theoretical foundation used in ISec research to help motivate individuals to change their security-related behaviors to protect themselves and their organizations. Our careful review of the foundation for PMT identified three opportunities for improving ISec PMT research. First, extant ISec studies do not use the full nomology of PMT constructs. Second, only one study uses fear-appeal manipulations, even though these are a core element of PMT, and virtually no ISec study models or measures fear. Third, whereas these studies have made excellent progress in predicting security intentions, none of them have addressed actual security behaviors.

This article describes the theoretical foundation of these three opportunities for improvement. We tested the nomology of PMT, including manipulated fear appeals, in two different ISec contexts that model PMT’s modern theoretical treatment more closely than do extant ISec studies. The first data collection was a longitudinal study in the context of data backups. The second study was a short-term cross-sectional study in the context of anti-malware software. Our new model demonstrated better results and stronger fit than the existing models and confirmed the efficacy of the three potential improvements we identified.

Keywords: Information Security, Protection Motivation Theory, System Backups, Model Comparison, Fear Appeals, Threat, Coping, Intentions, Behavior

Suggested Citation

Boss, Scott and Galletta, Dennis and Lowry, Paul Benjamin and Moody, Gregory Daniel and Polak, Peter, What Do Systems Users Have to Fear? Using Fear Appeals to Engender Threats and Fear that Motivate Protective Security Behaviors (December 1, 2015). MIS Quarterly (MISQ), vol. 39 (4), pp. 837–864, Available at SSRN: https://ssrn.com/abstract=2607190

Scott Boss

Bentley University

175 Forest Street
Waltham, MA 02452
United States
781-891-2353 (Phone)

HOME PAGE: https://faculty.bentley.edu/details.asp?uname=sboss

Dennis Galletta

University of Pittsburgh and Director, Katz Doctoral Program

135 N Bellefield Ave
Pittsburgh, PA 15260
United States

Paul Benjamin Lowry (Contact Author)

Virginia Tech - Pamplin College of Business

1016 Pamplin Hall
Blacksburg, VA 24061
United States

Gregory Daniel Moody

University of Nevada, Las Vegas - College of Business

4505 S. Maryland Parkway
Las Vegas, NV 89154
United States

HOME PAGE: https://faculty.unlv.edu/wpmu/gmoody/

Peter Polak

Florida International University (FIU)

University Park
11200 SW 8th Street
Miami, FL 33199
United States
