Academic journal article Journal of the Association for Information Systems

Neural Correlates of Protection Motivation for Secure IT Behaviors: An fMRI Examination

Academic journal article Journal of the Association for Information Systems

Neural Correlates of Protection Motivation for Secure IT Behaviors: An fMRI Examination

Article excerpt

1 Introduction

Contemporary organizations increasingly rely on the extensive use of information systems, systems that one must maintain and secure from numerous threats. Ironically, extensive research has pointed to the organizational insider, typically the employee, as the primary threat to the security of these very resources (Im & Baskerville, 2005; Stanton, Stam, Mastrangelo, & Jolton, 2005; Warkentin & Willison, 2009; Willison & Warkentin, 2013). Recent survey results (PWC, 2015) show that employees remain the most cited perpetrators of security incidents and that their crimes tend to be more costly to their firms than those that external sources commit. Furthermore, the results show that current employees and service providers were responsible for over 50 percent of reported incidents (PWC, 2015). Respondents in another recent survey indicated that carelessness or lack of awareness caused 38 percent of insider security incidents (Ernst & Young, 2014). An FBI report suggests that up to 20 percent of total company losses comes from nonmalicious insiders (Richardson, 2011). These figures underscore the perennial mandate of decreasing the risk of negligent insiders in organizations (Guo, Yuan, Archer, & Connelly, 2011; Willison & Warkentin, 2013). In another study, surveyed organizations attributed 40 percent of data breaches to negligent employees (Ponemon Institute, 2012a; Wall, 2011). The recent dramatic rise in personal mobile devices in the workplace ("bring your own device" or BYOD practices (Lee, Crossler, & Warkentin, 2013)) and third party applications have introduced even more potential vectors for data leakage from employee carelessness and noncompliance (Ponemon Institute, 2012b).

For one, insider threats remain prominent because insiders often ignore their organizations' cybersecurity policies and procedures. Importantly, training, awareness, and leadership play important roles in supporting and reinforcing an organization's IS security policies (Puhakainen & Siponen, 2010), as do privacy and security values in the overall organizational culture (Van Niekerk & Von Solms, 2010).

Persuasive communications in the form of fear appeals also often support IS security policies (Johnston & Warkentin, 2010). Fear appeals are persuasive messages that highlight a threat to elicit a fearful emotional state that then motivates a subsequent behavioral response (which the message also recommends) (Witte, 1992). Being a primitive, natural state with which nearly all human beings resonate, fear derives from stimuli that seek to motivate changes in attitudes toward actions that facilitate positive results. These stimuli follow a prescribed course of action, especially protective behaviors. By exploiting the basic human emotions of fear and self-preservation, researchers believe that an effective fear appeal effectively articulates a threat while simultaneously providing guidance and support for implementing the recommended response for its amelioration.

When applied appropriately, fear appeals in many settings have proven to effectively facilitate behavioral change (Ruiter, Kessels, Peters, & Kok, 2014). In the health communication literature, for instance, threats to one's health or wellbeing have long been the catalyst for behavioral change (e.g., anti-smoking, anti-drug use, or seat belt safety campaigns). Examples of fear appeals in the health communication literature include public service announcements for HIV and AIDS awareness (Casey, 1995), drug abuse (Dillard, Plotnick, Godbold, Freimuth, & Edgar, 2006), drinking and driving, and skin cancer (Stephenson, 1993). In their study involving female college students, Fry and Prentice-Dunn (2005) found that women provided with coping information to detect and avert breast cancer were less likely to engage in maladaptive behavior rather than the recommended response. Others have also applied fear appeals to other fields. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.