In this study, we examine how to motivate computer users to protect themselves from potential security and privacy threats. We draw on the Information Processing framework which posits that threat mitigation commonly occurs before full cognitive threat assessment and we conduct an empirical study to evaluate the effects of an exposure to general information security threats on the strength of passwords and the disclosure of personal information. Through an online experiment, we compare immediate computer user reactions to potential non-individually specific security and privacy threats in an extra-organizational context. We find evidence consistent with automatic security and privacy protective actions in response to these threats. Computer users exposed to news stories about corporate security breaches limit the disclosure of sensitive personal information and choose stronger passwords. The study complements the existing behavior modification research in information security by providing the theoretical and empirical foundation for the exploration of automatic security and privacy threat mitigation strategies across different contexts.
- Protective behaviors