2021
DOI: 10.1145/3462766.3462770
|View full text |Cite
|
Sign up to set email alerts
|

Protection Motivation Theory in Information Systems Security Research

Abstract: Protection motivation theory (PMT) is one of the most commonly used theories to examine information security behaviors. Our systematic review of the application of PMT in information systems (IS) security and the comparison with its application for decades in psychology identified five categories of important issues that have not yet been examined in IS security research. Discussing these issues in terms of why they are relevant and important for IS security, and to what extent IS research has not considered t… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

1
25
0

Year Published

2021
2021
2024
2024

Publication Types

Select...
8
1

Relationship

0
9

Authors

Journals

citations
Cited by 37 publications
(26 citation statements)
references
References 84 publications
1
25
0
Order By: Relevance
“…To investigate cultural factors influencing risky behaviour in the cyberspace, quantitative literature has availed of dominant socio-cognitive and socio-psychological theories as to their pre-configured theoretical frameworks. Such theories included the General Deterrence Theory (D’Arcy et al , 2009; Cheng et al , 2013; Cheng et al , 2014; Moody et al , 2018), the PMT (Ameen et al , 2021; Haag et al , 2021; Herath and Rao, 2009; Li et al , 2019; Meso et al , 2013; Tsai et al , 2016; Warkentin et al , 2016), situational action theory (Li et al , 2021), the planned behaviour theory (Bauer and Bernroider, 2017; Cox, 2012; Ifinedo, 2012), rational choice theory (Li et al , 2018; Vance and Siponen, 2012), neutralization theory (Ali et al , 2021; D’Arcy and Teh, 2019) and social bonding theory (Back et al , 2018). Nonetheless, most conventional cyber-security research was administered in business sectors, circumscribed to confirming pre-hypothesized theoretical reasons underlying employees’ failure to adhere to cyber-security policies.…”
Section: Resultsmentioning
confidence: 99%
“…To investigate cultural factors influencing risky behaviour in the cyberspace, quantitative literature has availed of dominant socio-cognitive and socio-psychological theories as to their pre-configured theoretical frameworks. Such theories included the General Deterrence Theory (D’Arcy et al , 2009; Cheng et al , 2013; Cheng et al , 2014; Moody et al , 2018), the PMT (Ameen et al , 2021; Haag et al , 2021; Herath and Rao, 2009; Li et al , 2019; Meso et al , 2013; Tsai et al , 2016; Warkentin et al , 2016), situational action theory (Li et al , 2021), the planned behaviour theory (Bauer and Bernroider, 2017; Cox, 2012; Ifinedo, 2012), rational choice theory (Li et al , 2018; Vance and Siponen, 2012), neutralization theory (Ali et al , 2021; D’Arcy and Teh, 2019) and social bonding theory (Back et al , 2018). Nonetheless, most conventional cyber-security research was administered in business sectors, circumscribed to confirming pre-hypothesized theoretical reasons underlying employees’ failure to adhere to cyber-security policies.…”
Section: Resultsmentioning
confidence: 99%
“…Further, increasing uncertainty is the intentional behavior of an attacker when exploiting vulnerabilities for malicious purposes. This is explained by the fact that predicting human behavior is associated more with existing vulnerabilities and their consequences [4], rather than with preparation for future attacks. As a result, modern approaches identify risks and vulnerabilities under conditions of a high degree of uncertainty, which can lead to errors [5,6].…”
Section: The Development Of Technologies and Computing Resources Not ...mentioning
confidence: 99%
“…Along with a plethora of literature devoted to studying employees’ InfoSec-related behaviors comes various terms to define the objects of study. Terms such as computer abuse (Haag et al, 2021; Straub, 1990; Parker, 1980), compliance (Silic and Lowry, 2020), security-based precautions taking (Burns et al, 2019), problem-focused coping (Liang et al, 2019), adaptive security coping (Chen et al, 2022), policy violation (Sarkar et al, 2020), and prosocial rule breaking (Kim et al, 2022) are often adopted by different scholars without discussing the commonality or differences among them.…”
Section: Motivations1mentioning
confidence: 99%
“…We argue that the relationship between security awareness and InfoSec-related decisions, for example, complying, or not complying, with security policy, is similar to the relationship between moral awareness and ethical/unethical decisions. They are similar in the sense that, if security awareness is not present (i.e., individuals do not have a minimum level of concern regarding security), security-related considerations might not be incorporated into the decision-making process (Haag et al, 2021). The warrant and backings supporting this claim are discussed next. Warrant and backings: Security is not the only consideration, nor the necessary consideration that could affect InfoSec-related behaviors .…”
Section: Appendix A: Analogy and Analogical Reasoning: Security Aware...mentioning
confidence: 99%