Continuance of protective security behavior: A longitudinal study

摘要

Previous research has established continuance models that explain and predict an individual's behaviors when engaged with hedonic or functional systems, or with other environments that provide productivity-enhancing outcomes. However, within the context of information security, these models are not applicable and fail to accurately assess the circumstances in which an individual engages in protective security behaviors beyond an initial adoption. This research addresses this gap and establishes a model for explaining an individual's continued engagement in protective security behaviors, which is a significant problem in securing enterprise information resources. Within this model, protection motivation theory (PMT) is considered an underlying theoretical motivation for continuance intention using constructs such as perceived threat severity, perceived threat susceptibility, self-efficacy, and response efficacy as direct antecedents of behavioral intents and indirect predictors of continuance behavior. Furthermore, the introduction of perceived extraneous circumstances is used to reconcile the “acceptance–discontinuance anomaly.” A novel research methodology for measuring actual security behavior continuance was developed for this investigation. Experimental results indicate support for all of the proposed relationships, with the exception of response efficacy—continuance intent. Nearly half of the variance in the dependent variable, continuance behavior, was explained by the model. This is the first comprehensive empirical investigation of protective security behavior continuance intention. The findings have practical implications for security administrators and security technology solution providers, and they have theoretical ramifications in the area of behavioral information security and protection motivation theory.