The impact of information security threat awareness on privacy-protective behaviors

Stanislav Mamonov, Raquel Benbunan-Fich

Research output: Contribution to journalArticleResearchpeer-review

3 Citations (Scopus)

Abstract

In this study, we examine how to motivate computer users to protect themselves from potential security and privacy threats. We draw on the Information Processing framework which posits that threat mitigation commonly occurs before full cognitive threat assessment and we conduct an empirical study to evaluate the effects of an exposure to general information security threats on the strength of passwords and the disclosure of personal information. Through an online experiment, we compare immediate computer user reactions to potential non-individually specific security and privacy threats in an extra-organizational context. We find evidence consistent with automatic security and privacy protective actions in response to these threats. Computer users exposed to news stories about corporate security breaches limit the disclosure of sensitive personal information and choose stronger passwords. The study complements the existing behavior modification research in information security by providing the theoretical and empirical foundation for the exploration of automatic security and privacy threat mitigation strategies across different contexts.

Original languageEnglish
Pages (from-to)32-44
Number of pages13
JournalComputers in Human Behavior
Volume83
DOIs
StatePublished - 1 Jun 2018

Fingerprint

Privacy
Security of data
Disclosure
Behavior Therapy
Automatic Data Processing
Threat
Experiments
Research

Keywords

  • Passwords
  • Privacy
  • Protective behaviors
  • Security
  • Self-disclosure

Cite this

@article{94d9f7749e1c44bc8fc81d91b791b766,
title = "The impact of information security threat awareness on privacy-protective behaviors",
abstract = "In this study, we examine how to motivate computer users to protect themselves from potential security and privacy threats. We draw on the Information Processing framework which posits that threat mitigation commonly occurs before full cognitive threat assessment and we conduct an empirical study to evaluate the effects of an exposure to general information security threats on the strength of passwords and the disclosure of personal information. Through an online experiment, we compare immediate computer user reactions to potential non-individually specific security and privacy threats in an extra-organizational context. We find evidence consistent with automatic security and privacy protective actions in response to these threats. Computer users exposed to news stories about corporate security breaches limit the disclosure of sensitive personal information and choose stronger passwords. The study complements the existing behavior modification research in information security by providing the theoretical and empirical foundation for the exploration of automatic security and privacy threat mitigation strategies across different contexts.",
keywords = "Passwords, Privacy, Protective behaviors, Security, Self-disclosure",
author = "Stanislav Mamonov and Raquel Benbunan-Fich",
year = "2018",
month = "6",
day = "1",
doi = "10.1016/j.chb.2018.01.028",
language = "English",
volume = "83",
pages = "32--44",
journal = "Computers in Human Behavior",
issn = "0747-5632",
publisher = "Elsevier Ltd",

}

The impact of information security threat awareness on privacy-protective behaviors. / Mamonov, Stanislav; Benbunan-Fich, Raquel.

In: Computers in Human Behavior, Vol. 83, 01.06.2018, p. 32-44.

Research output: Contribution to journalArticleResearchpeer-review

TY - JOUR

T1 - The impact of information security threat awareness on privacy-protective behaviors

AU - Mamonov, Stanislav

AU - Benbunan-Fich, Raquel

PY - 2018/6/1

Y1 - 2018/6/1

N2 - In this study, we examine how to motivate computer users to protect themselves from potential security and privacy threats. We draw on the Information Processing framework which posits that threat mitigation commonly occurs before full cognitive threat assessment and we conduct an empirical study to evaluate the effects of an exposure to general information security threats on the strength of passwords and the disclosure of personal information. Through an online experiment, we compare immediate computer user reactions to potential non-individually specific security and privacy threats in an extra-organizational context. We find evidence consistent with automatic security and privacy protective actions in response to these threats. Computer users exposed to news stories about corporate security breaches limit the disclosure of sensitive personal information and choose stronger passwords. The study complements the existing behavior modification research in information security by providing the theoretical and empirical foundation for the exploration of automatic security and privacy threat mitigation strategies across different contexts.

AB - In this study, we examine how to motivate computer users to protect themselves from potential security and privacy threats. We draw on the Information Processing framework which posits that threat mitigation commonly occurs before full cognitive threat assessment and we conduct an empirical study to evaluate the effects of an exposure to general information security threats on the strength of passwords and the disclosure of personal information. Through an online experiment, we compare immediate computer user reactions to potential non-individually specific security and privacy threats in an extra-organizational context. We find evidence consistent with automatic security and privacy protective actions in response to these threats. Computer users exposed to news stories about corporate security breaches limit the disclosure of sensitive personal information and choose stronger passwords. The study complements the existing behavior modification research in information security by providing the theoretical and empirical foundation for the exploration of automatic security and privacy threat mitigation strategies across different contexts.

KW - Passwords

KW - Privacy

KW - Protective behaviors

KW - Security

KW - Self-disclosure

UR - http://www.scopus.com/inward/record.url?scp=85041425544&partnerID=8YFLogxK

U2 - 10.1016/j.chb.2018.01.028

DO - 10.1016/j.chb.2018.01.028

M3 - Article

VL - 83

SP - 32

EP - 44

JO - Computers in Human Behavior

JF - Computers in Human Behavior

SN - 0747-5632

ER -