Protecting Against Threats to Information Security: An Attitudinal Ambivalence Perspective

"Protecting against threats to information security: An attitudinal ambivalence perspective," Journal of Management Information Systems, 38, 3 (2021), pp. 732-764.

HKUST Business School Research Paper No. 2021-047

54 Pages Posted: 15 Dec 2021 Last revised: 11 Jan 2022

See all articles by Ka Chung Ng

Ka Chung Ng

HKUST Business School

Xiaojun Zhang

Hong Kong University of Science & Technology (HKUST) - Department of Information Systems, Business Statistics and Operations Management

James Y.L. Thong

HKUST Business School

Kar Yan Tam

Hong Kong University of Science and Technology

Date Written: 2021

Abstract

A popular information security-related motivation theory is the Protection Motivation Theory (PMT) that has been studied extensively in many information security contexts with promising results. However, prior studies have found inconsistent findings regarding the relationships within PMT. To shed light on these inconsistent findings, we introduce the attitudinal ambivalence theory to open the black box within PMT. We tested our model on data collected from 1,383 individuals facing potential cyberattacks of their emails in a field experiment. The results of polynomial regression with response surface analysis showed that attitudinal ambivalence is generated from the opposition between an individual’s evaluations of maladaptive rewards and social norms (i.e., descriptive norm and subjective norm). This attitudinal ambivalence, in turn, affects individuals’ evaluations of their coping appraisal process and protection motivation, and ultimately protection behavior. We discuss the theoretical and managerial implications of identifying the determinants and outcomes of attitudinal ambivalence in the information security context. From a theoretical standpoint, our work contributes to the information security literature by incorporating attitudinal ambivalence, which arises from the intrapersonal and interpersonal appraisal processes, into PMT. From a practical standpoint, our work provides insights into designing effective fear appeals to avoid triggering attitudinal ambivalence and thus encouraging adoption of security protection behavior.

Keywords: cybersecurity, attitudinal ambivalence theory, information security, protection motivation theory, two-factor authentication, maldaptive rewards, social norms, polynomial regression, response surface analysis, security breach, data breach

JEL Classification: M15

Suggested Citation

Ng, Ka Chung and Zhang, Xiaojun and Thong, James Y.L. and Tam, Kar Yan, Protecting Against Threats to Information Security: An Attitudinal Ambivalence Perspective (2021). "Protecting against threats to information security: An attitudinal ambivalence perspective," Journal of Management Information Systems, 38, 3 (2021), pp. 732-764., HKUST Business School Research Paper No. 2021-047, Available at SSRN: https://ssrn.com/abstract=3984208

Ka Chung Ng

HKUST Business School ( email )

Clear Water Bay
Kowloon
Hong Kong

Xiaojun Zhang

Hong Kong University of Science & Technology (HKUST) - Department of Information Systems, Business Statistics and Operations Management ( email )

Clear Water Bay
Kowloon
Hong Kong

James Y.L. Thong (Contact Author)

HKUST Business School ( email )

Clear Water Bay
Kowloon
Hong Kong

HOME PAGE: http://jthong.people.ust.hk/

Kar Yan Tam

Hong Kong University of Science and Technology ( email )

Clear Water Bay, Kowloon
Hong Kong

Do you want regular updates from SSRN on Twitter?

Paper statistics

Downloads
30
Abstract Views
144
PlumX Metrics