Cybersecurity researchers have done a lot of work in increasing our collective understanding of how individuals (at work and home) are motivated to take security precautions.
Well, in this study, we evaluated 3 of the most used theories (protection, intrinsic, and identity) to understand which ones are most effective in motivating both
Security behaviors that are borne out of compliance, aka in-role security behaviors, and
Security behaviors that are discretionary and voluntary, aka extra-role security behaviors.
Although we based all our hypotheses on the literature, we were still surprised by the results.
In a nutshell, we found that identity based motivations are instrumental in increasing both in-role behaviors and extra-role security behaviors. Whereas, protection motivation hinders extra-role security behaviors.
I hear you saying... but what does this really mean? More to come.
Forthcoming: Computers & Security https://doi.org/10.1016/j.cose.2023.103136
Author: Obi Ogbanufe, PhD & Ling Ge, PhD
Abstract
This study examines the contrast between three motivation theories (identity, protection, and intrinsic) and their impact on two forms of security behaviors (in-role and extra-role). The information security literature has informed much of our understanding of how individuals are motivated to perform security behaviors, with a predominant focus on the Protection Motivation and Intrinsic Motivation theories.
We draw from recent insights from the Identity Theory and its explanation of behaviors in the workplace to compare motivations towards in-role and extra-role security behaviors. Whereas identity is influential in positively motivating in-role and extra-role behaviors, intrinsic motivation does not influence in-role behaviors, and protection motivation reduces extra-role behaviors. These results provide insights on the role that identity plays as a capable motivation with implications for research and practice
Article
Comments