What Users Do Besides Problem-Focused Coping When Facing IT Security Threats: An Emotion-Focused Coping Perspective

This paper investigates how individuals cope with IT security threats by taking into account both problem-focused and emotion-focused coping. While problem-focused coping (PFC) has been extensively studied in the IT security literature, little is known about emotion-focused coping (EFC). We propose that individuals employ both PFC and EFC to volitionally cope with IT security threats, and conceptually classify EFC into two categories: inward and outward. Our research model is tested by two studies: an experiment with 140 individuals and a survey of 934 respondents. Our results indicate that both inward EFC and outward EFC are stimulated by perceived threat, but that only inward EFC is reduced by perceived avoidability. Interestingly, inward EFC and outward EFC are found to have opposite effects on PFC. While inward EFC impedes PFC, outward EFC facilitates PFC. By integrating both EFC and PFC in a single model, we provide a more complete understanding of individual behavior under IT security threats. Moreover, by theorizing two categories of EFC and showing their opposing effects on users’ security behaviors, we further examine the paradoxical relationship between EFC and PFC, thus making an important contribution to IT security research and practice.

[1]  Terry S. Overton,et al.  Estimating Nonresponse Bias in Mail Surveys , 1977 .

[2]  J. Nunnally Psychometric Theory (2nd ed), New York: McGraw-Hill. , 1978 .

[3]  Rolph E. Anderson,et al.  Multivariate Data Analysis: Text and Readings , 1979 .

[4]  C. Fornell,et al.  Evaluating structural equation models with unobservable variables and measurement error. , 1981 .

[5]  James C. Anderson,et al.  On the Meaning of Within-Factor Correlated Measurement Errors , 1984 .

[6]  S. Folkman,et al.  Journal of Personality and Social Psychology If It Changes It Must Be a Process: Study of Emotion and Coping during Three Stages of a College Examination , 2022 .

[7]  S. Folkman,et al.  Dynamics of a stressful encounter: cognitive appraisal, coping, and encounter outcomes. , 1986, Journal of personality and social psychology.

[8]  S. Folkman,et al.  Appraisal, coping, health status, and psychological symptoms. , 1986, Journal of personality and social psychology.

[9]  C. Carver,et al.  Assessing coping strategies: a theoretically based approach. , 1989, Journal of personality and social psychology.

[10]  Izak Benbasat,et al.  Development of an Instrument to Measure the Perceptions of Adopting an Information Technology Innovation , 1991, Inf. Syst. Res..

[11]  Kenneth S. Law,et al.  Toward A Taxonomy of Multidimensional Constructs , 1998 .

[12]  P. Bentler,et al.  Cutoff criteria for fit indexes in covariance structure analysis : Conventional criteria versus new alternatives , 1999 .

[13]  Detmar W. Straub,et al.  Structural Equation Modeling and Regression: Guidelines for Research Practice , 2000, Commun. Assoc. Inf. Syst..

[14]  M. Lindell,et al.  Accounting for common method variance in cross-sectional research designs. , 2001, The Journal of applied psychology.

[15]  Cheryl Burke Jarvis,et al.  A Critical Review of Construct Indicators and Measurement Model Misspecification in Marketing and Consumer Research , 2003 .

[16]  Scott B. MacKenzie,et al.  Common method biases in behavioral research: a critical review of the literature and recommended remedies. , 2003, The Journal of applied psychology.

[17]  Younghwa Lee,et al.  Investigating factors affecting the adoption of anti-spyware systems , 2005, CACM.

[18]  W. R. Dillon,et al.  A simulation study to investigate the use of cutoff values for assessing model fit in covariance structure models , 2005 .

[19]  Judy A. Siguaw,et al.  Formative versus Reflective Indicators in Organizational Measure Development: A Comparison and Empirical Illustration , 2006 .

[20]  An Empirical Examination , 2007 .

[21]  Ross A. Thompson,et al.  Emotion regulation: Conceptual foundations , 2007 .

[22]  Detmar W. Straub,et al.  Specifying Formative Constructs in Information Systems Research , 2007, MIS Q..

[23]  Detmar W. Straub,et al.  Security lapses and the omission of information security measures: A threat control model and empirical test , 2008, Comput. Hum. Behav..

[24]  Younghwa Lee,et al.  Threat or coping appraisal: determinants of SMB executives’ decision to adopt anti-malware software , 2009, Eur. J. Inf. Syst..

[25]  Atreyi Kankanhalli,et al.  Studying users' computer security behavior: A health belief perspective , 2009, Decis. Support Syst..

[26]  Xenophon Koufteros,et al.  A paradigm for examining second-order factor models employing structural equation modeling , 2009 .

[27]  Yajiong Xue,et al.  Avoidance of Information Technology Threats: A Theoretical Perspective , 2009, MIS Q..

[28]  Ronald T. Cenfetelli,et al.  Interpretation of Formative Measurement in Information Systems Research , 2009, MIS Q..

[29]  Dennis F. Galletta,et al.  User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach , 2009, Inf. Syst. Res..

[30]  Merrill Warkentin,et al.  Fear Appeals and Information Security Behaviors: An Empirical Study , 2010, MIS Q..

[31]  Yajiong Xue,et al.  Understanding Security Behaviors in Personal Computer Usage: A Threat Avoidance Perspective , 2010, J. Assoc. Inf. Syst..

[32]  Anne Beaudry,et al.  The Other Side of Acceptance: Studying the Direct and Indirect Effects of Emotions on Information Technology Use , 2010, MIS Q..

[33]  Ritu Agarwal,et al.  Practicing Safe Computing: A Multimedia Empirical Examination of Home Computer User Security Behavioral Intentions , 2010, MIS Q..

[34]  Straub,et al.  Editor's Comments: An Update and Extension to SEM Guidelines for Administrative and Social Science Research , 2011 .

[35]  Detmar W. Straub,et al.  An Update and Extension to SEM Guidelines for Admnistrative and Social Science Research , 2011 .

[36]  Adamantios Diamantopoulos,et al.  Incorporating Formative Measures into Covariance-Based Structural Equation Models , 2011, MIS Q..

[37]  Dahui Li,et al.  Fighting identity theft: The coping perspective , 2012, Decis. Support Syst..

[38]  Rui Chen,et al.  Security services as coping mechanisms: an investigation into user intention to adopt an email authentication service , 2014, Inf. Syst. J..

[39]  Paul Benjamin Lowry,et al.  Improving Password Cybersecurity Through Inexpensive and Minimally Invasive Means: Detecting and Deterring Password Reuse Through Keystroke-Dynamics Monitoring and Just-in-Time Fear Appeals , 2014, Inf. Technol. Dev..

[40]  Robert E. Crossler,et al.  An Extended Perspective on Individual Security Behaviors: Protection Motivation Theory and a Unified Security Practices (USP) Instrument , 2014, DATB.

[41]  Steve Love,et al.  Security awareness of computer users: A phishing threat avoidance perspective , 2014, Comput. Hum. Behav..

[42]  Zhu Qingjian Strategy for College Students' Career Planning under the Perspective of Cask Effect Theory , 2014 .

[43]  Dennis F. Galletta,et al.  What Do Systems Users Have to Fear? Using Fear Appeals to Engender Threats and Fear that Motivate Protective Security Behaviors , 2015, MIS Q..

[44]  Ofir Turel,et al.  Learning to cope with information security risks regarding mobile device loss or theft: An empirical examination , 2015, Inf. Manag..

[45]  Shelia R. Cotten,et al.  Determinants of online safety behaviour: towards an intervention strategy for college students , 2015, Behav. Inf. Technol..

[46]  Fatemeh Zahedi,et al.  Individuals' Internet Security Perceptions and Behaviors: Polycontextual Contrasts Between the United States and China , 2016, MIS Q..

[47]  Robert LaRose,et al.  Understanding online safety behaviors: A protection motivation theory perspective , 2016, Comput. Secur..

[48]  Helmut Krcmar,et al.  User Roles on Peer-to-Peer Sharing Platforms: A Critical Review of the Literature and Recommended Remedies , 2020, HICSS.