What motivates users to adopt cybersecurity practices? A survey experiment assessing protection motivation theory

IF 3.5 1区社会学 Q1 CRIMINOLOGY & PENOLOGY Criminology & Public Policy Pub Date : 2023-09-11 DOI:10.1111/1745-9133.12641

Cassandra E. Dodge, Nathan Fisk, George W. Burruss, Richard K. Moule Jr., Chae M. Jaynes

{"title":"What motivates users to adopt cybersecurity practices? A survey experiment assessing protection motivation theory","authors":"Cassandra E. Dodge, Nathan Fisk, George W. Burruss, Richard K. Moule Jr., Chae M. Jaynes","doi":"10.1111/1745-9133.12641","DOIUrl":null,"url":null,"abstract":"<div>\n \n \n <section>\n \n <h3> Research Summary</h3>\n \n <p>A 2 × 2 × 3 fully crossed factorial experiment is used to examine the linkages between key dimensions of protection motivation theory (PMT; perceived severity of risk, vulnerability to risk, and response costs) and the intentions to adopt information technology (IT) cybersecurity recommendations after being informed of degrees of risk in the vignettes. Data in this study consist of a nationwide sample of 720 American adults. Results from a series of fractional logistic regressions indicate support for many of the core mechanisms within PMT. Seventy percent of respondents indicated they were likely to follow IT recommendations to mitigate a cyber threat. Self-efficacy and response costs affected intentions to do so.</p>\n </section>\n \n <section>\n \n <h3> Policy Implications</h3>\n \n <p>The study's findings have important implications for improving cybersecurity and reducing vulnerabilities to cyber threats. Current training programs need more effective communication strategies and engagement tools. Perceptions of users as security threats rather than potential contributors hinder progress in the ability of organizations to improve cybersecurity. Collaborative, user-centered approaches can enhance users’ self-efficacy and improve cybersecurity by aligning user and IT professional needs and capabilities. Strategies like gamified simulations and tailored interventions can create a more security-focused culture and encourage user participation in defending an organization. Recognizing individual differences among users and further examining personal characteristics that may impact user interactions with technology and cybersecurity interventions is crucial. Overall, more personalized, adaptable approaches to cybersecurity policies and technical solutions, accounting for diverse user needs and characteristics, should be a priority for improving cybersecurity practices.</p>\n </section>\n </div>","PeriodicalId":47902,"journal":{"name":"Criminology & Public Policy","volume":"22 4","pages":"849-868"},"PeriodicalIF":3.5000,"publicationDate":"2023-09-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1111/1745-9133.12641","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Criminology & Public Policy","FirstCategoryId":"90","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1111/1745-9133.12641","RegionNum":1,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"CRIMINOLOGY & PENOLOGY","Score":null,"Total":0}

引用次数: 0

Abstract

Research Summary

A 2 × 2 × 3 fully crossed factorial experiment is used to examine the linkages between key dimensions of protection motivation theory (PMT; perceived severity of risk, vulnerability to risk, and response costs) and the intentions to adopt information technology (IT) cybersecurity recommendations after being informed of degrees of risk in the vignettes. Data in this study consist of a nationwide sample of 720 American adults. Results from a series of fractional logistic regressions indicate support for many of the core mechanisms within PMT. Seventy percent of respondents indicated they were likely to follow IT recommendations to mitigate a cyber threat. Self-efficacy and response costs affected intentions to do so.

Policy Implications

The study's findings have important implications for improving cybersecurity and reducing vulnerabilities to cyber threats. Current training programs need more effective communication strategies and engagement tools. Perceptions of users as security threats rather than potential contributors hinder progress in the ability of organizations to improve cybersecurity. Collaborative, user-centered approaches can enhance users’ self-efficacy and improve cybersecurity by aligning user and IT professional needs and capabilities. Strategies like gamified simulations and tailored interventions can create a more security-focused culture and encourage user participation in defending an organization. Recognizing individual differences among users and further examining personal characteristics that may impact user interactions with technology and cybersecurity interventions is crucial. Overall, more personalized, adaptable approaches to cybersecurity policies and technical solutions, accounting for diverse user needs and characteristics, should be a priority for improving cybersecurity practices.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

是什么促使用户采用网络安全做法？保护动机理论评估的调查实验

使用2×2×3的完全交叉因子实验来检验保护动机理论的关键维度（PMT；感知的风险严重性、易受风险影响性和响应成本）与在得知小插曲中的风险程度后采用信息技术（IT）网络安全建议的意图之间的联系。这项研究的数据包括720名美国成年人的全国性样本。一系列分数逻辑回归的结果表明支持PMT中的许多核心机制。70%的受访者表示，他们可能会遵循IT建议来减轻网络威胁。自我效能和反应成本影响了这样做的意图。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Criminology & Public Policy CRIMINOLOGY & PENOLOGY-

CiteScore

8.10

自引率

6.50%

发文量

期刊介绍： Criminology & Public Policy is interdisciplinary in nature, devoted to policy discussions of criminology research findings. Focusing on the study of criminal justice policy and practice, the central objective of the journal is to strengthen the role of research findings in the formulation of crime and justice policy by publishing empirically based, policy focused articles.