To (Psychologically) Own Data is to Protect Data: How Psychological Ownership Determines Protective Behavior in a Work and Private Context

The ever rising rates of data generation entail new opportunities for business and society but also an increasing risk of data breaches. Apart from technical measures, approaches like password authentication to ensure data protection revolve around the end-user as the human element in information security. Drawing on organizational research which argues that the sole feeling of ownership towards an intangible target like data can lead to heightened levels of the individual’s responsibility, we investigate whether and to what extent this ownership feeling differs between personal files and data accessed in the work context. To this end, we draw on data derived through a two-phase questionnaire among a representative group of 209 employees. Consequently, we find evidence that psychological ownership shows stronger effects on protection motivation among participants in a private context. Furthermore, results indicate that employees partly relinquish their responsibility regarding security responses to protect data in their work context.

[1]  Peter Mayer,et al.  Reliable Behavioural Factors in the Information Security Context , 2017, ARES.

[2]  C. Fornell,et al.  Evaluating structural equation models with unobservable variables and measurement error. , 1981 .

[3]  Björn Niehaves,et al.  Exploring Psychological Ownership of IT: an Empirical Study , 2016, ECIS.

[4]  I. Ajzen,et al.  Belief, Attitude, Intention, and Behavior: An Introduction to Theory and Research , 1977 .

[5]  Merrill Warkentin,et al.  Beyond Deterrence: An Expanded View of Employee Computer Abuse , 2013, MIS Q..

[6]  H. Raghav Rao,et al.  Protection motivation and deterrence: a framework for security policy compliance in organisations , 2009, Eur. J. Inf. Syst..

[7]  Yajiong Xue,et al.  Understanding Security Behaviors in Personal Computer Usage: A Threat Avoidance Perspective , 2010, J. Assoc. Inf. Syst..

[8]  Ritu Agarwal,et al.  Practicing Safe Computing: A Multimedia Empirical Examination of Home Computer User Security Behavioral Intentions , 2010, MIS Q..

[9]  Robert M. Davison,et al.  Context is king! Considering particularism in research design and reporting , 2016, J. Inf. Technol..

[10]  P. Bentler,et al.  Fit indices in covariance structure modeling : Sensitivity to underparameterized model misspecification , 1998 .

[11]  Lita Furby,et al.  Understanding the psychology of possession and ownership: A personal memoir and an appraisal of our progress. , 1991 .

[12]  Rajiv Kohli,et al.  Extending the Privacy Calculus: The Role of Psychological Ownership , 2014, ICIS.

[13]  S. Sutton,et al.  Perceived difficulty in the theory of planned behaviour: perceived behavioural control or affective attitude? , 2005, The British journal of social psychology.

[14]  Peter Buxmann,et al.  Gender Differences in Mobile Users' IT Security Appraisals and Protective Actions: Findings from a Mixed-Method Study , 2016, ICIS.

[15]  Dennis F. Galletta,et al.  What Do Systems Users Have to Fear? Using Fear Appeals to Engender Threats and Fear that Motivate Protective Security Behaviors , 2015, MIS Q..

[16]  Robert E. Crossler,et al.  Protection Motivation Theory: Understanding Determinants to Backing Up Personal Data , 2010, 2010 43rd Hawaii International Conference on System Sciences.

[17]  Scott B. MacKenzie,et al.  Common method biases in behavioral research: a critical review of the literature and recommended remedies. , 2003, The Journal of applied psychology.

[18]  Izak Benbasat,et al.  Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness , 2010, MIS Q..

[19]  Merrill Warkentin,et al.  Fear Appeals and Information Security Behaviors: An Empirical Study , 2010, MIS Q..

[20]  Qing Hu,et al.  Future directions for behavioral information security research , 2013, Comput. Secur..

[21]  James B. Avey,et al.  Psychological ownership: theoretical extensions, measurement and relation to work outcomes , 2009, Journal of Organizational Behavior.

[22]  J. L. Pierce,et al.  Psychological ownership and feelings of possession: three field studies predicting employee attitudes and organizational citizenship behavior , 2004 .

[23]  Paul Benjamin Lowry,et al.  The Impact of Collectivism and Psychological Ownership on Protection Motivation: A Cross-Cultural Examination , 2018, Comput. Secur..

[24]  Tobias Kowatsch,et al.  Quantitative Longitudinal Research: A Review of IS Literature, and a Set of Methodological Guidelines , 2015, ECIS.

[25]  Detmar W. Straub,et al.  Security lapses and the omission of information security measures: A threat control model and empirical test , 2008, Comput. Hum. Behav..

[26]  D. Vandewalle,et al.  Psychological Ownership: An Empirical Examination of its Consequences , 1995 .

[27]  Huseyin Cavusoglu,et al.  Configuration of and Interaction Between Information Security Technologies: The Case of Firewalls and Intrusion Detection Systems , 2009, Inf. Syst. Res..

[28]  P. Sheeran,et al.  Does changing behavioral intentions engender behavior change? A meta-analysis of the experimental evidence. , 2006, Psychological bulletin.

[29]  K Witte,et al.  Predicting risk behaviors: development and validation of a diagnostic scale. , 1996, Journal of health communication.

[30]  Anthony G. Greenwald,et al.  Is the Implicit Association Test a Valid and Valuable Measure of Implicit Consumer Social Cognition , 2004 .

[31]  H. Dittmar The social psychology of material possessions: To have is to be , 1992 .

[32]  A. Bandura Self-efficacy: toward a unifying theory of behavioral change. , 1977, Psychology Review.

[33]  R. Frank Falk,et al.  A Primer for Soft Modeling , 1992 .

[34]  J. W. Berry,et al.  Semantics of Ownership: A Free-Recall Study of Property , 1987 .

[35]  M. Breitner,et al.  Information security awareness and behavior: a theory-based literature review , 2014 .

[36]  R. W. Rogers,et al.  A meta-analysis of research on protection motivation theory. , 2000 .

[37]  Jian Mou,et al.  A Meta-Analytic Structural Equation Modeling Test of Protection Motivation Theory in Information Security Literature , 2017, ICIS.

[38]  Andrew N. K. Chen,et al.  Usability Design and Psychological Ownership of a Virtual World , 2011, J. Manag. Inf. Syst..

[39]  I. Ajzen Perceived behavioral control, self-efficacy, locus of control, and the theory of planned behavior. , 2002 .

[40]  I. Ajzen The theory of planned behavior , 1991 .

[41]  Robert L. Dipboye,et al.  A critical review of Korman's self-consistency theory of work motivation and occupational choice , 1977 .

[42]  Mo Adam Mahmood,et al.  Employees' Behavior towards IS Security Policy Compliance , 2007, 2007 40th Annual Hawaii International Conference on System Sciences (HICSS'07).

[43]  J. L. Pierce,et al.  Toward a Theory of Psychological Ownership in Organizations , 2001 .

[44]  Detmar W. Straub,et al.  Coping With Systems Risk: Security Planning Models for Management Decision Making , 1998, MIS Q..

[45]  D. Pinto Secrets and Lies: Digital Security in a Networked World , 2003 .

[46]  James V. Hansen,et al.  Genetic programming for prevention of cyberterrorism through dynamic and evolving intrusion detection , 2007, Decis. Support Syst..

[47]  J. L. Pierce,et al.  The State of Psychological Ownership: Integrating and Extending a Century of Research , 2003 .

[48]  P. Sheeran,et al.  Combining motivational and volitional interventions to promote exercise participation: protection motivation theory and implementation intentions. , 2002, British journal of health psychology.

[49]  Marko Sarstedt,et al.  Editorial - Partial Least Squares Structural Equation Modeling: Rigorous Applications, Better Results and Higher Acceptance , 2013 .

[50]  Richard P. Bagozzi,et al.  Specification, evaluation, and interpretation of structural equation models , 2012 .

[51]  Richard P. Bagozzi,et al.  On the Use of Structural Equation Models in Experimental Designs , 1989 .