Protecting Against Threats to Information Security: An Attitudinal Ambivalence Perspective
"Protecting against threats to information security: An attitudinal ambivalence perspective," Journal of Management Information Systems, 38, 3 (2021), pp. 732-764.
54 Pages Posted: 15 Dec 2021 Last revised: 11 Jan 2022
Date Written: 2021
Abstract
A popular information security-related motivation theory is the Protection Motivation Theory (PMT) that has been studied extensively in many information security contexts with promising results. However, prior studies have found inconsistent findings regarding the relationships within PMT. To shed light on these inconsistent findings, we introduce the attitudinal ambivalence theory to open the black box within PMT. We tested our model on data collected from 1,383 individuals facing potential cyberattacks of their emails in a field experiment. The results of polynomial regression with response surface analysis showed that attitudinal ambivalence is generated from the opposition between an individual’s evaluations of maladaptive rewards and social norms (i.e., descriptive norm and subjective norm). This attitudinal ambivalence, in turn, affects individuals’ evaluations of their coping appraisal process and protection motivation, and ultimately protection behavior. We discuss the theoretical and managerial implications of identifying the determinants and outcomes of attitudinal ambivalence in the information security context. From a theoretical standpoint, our work contributes to the information security literature by incorporating attitudinal ambivalence, which arises from the intrapersonal and interpersonal appraisal processes, into PMT. From a practical standpoint, our work provides insights into designing effective fear appeals to avoid triggering attitudinal ambivalence and thus encouraging adoption of security protection behavior.
Keywords: cybersecurity, attitudinal ambivalence theory, information security, protection motivation theory, two-factor authentication, maldaptive rewards, social norms, polynomial regression, response surface analysis, security breach, data breach
JEL Classification: M15
Suggested Citation: Suggested Citation