Evaluating the Core and Full Protection Motivation Theory Nomologies for the Voluntary Adoption of Password Manager Applications

The protection motivation theory (PMT) is widely used in behavioral information security research, with multiple instantiations of the theoretical model applied in the literature. The purpose of this study is to perform a theoretical (conceptual) replication of both the core and full PMT nomologies in the context of voluntary password manager application use by individual home end-users. In our study, the full PMT model explained more variance than the core PMT model, but the relationships between multiple behavioral antecedents differed between the core and full PMT models, possibly due to differences in model complexity. Our findings suggest that researchers should justify the version of the PMT that they choose based on their research objectives, with the understanding that the same variables may be significant in one version of the PMT but not in another.
