Abstract
The COVID-19 pandemic has forced individuals to adopt online applications and technologies, as well as remote working patterns. However, with changes in technology and working patterns, new vulnerabilities are likely to arise. Cybersecurity threats have rapidly evolved to exploit uncertainty during the pandemic, and users need to apply careful judgment and vigilance to avoid becoming the victim of a cyber-attack. This paper explores the factors that motivate security behaviour, considering the current environmental uncertainty. An adapted model, primarily based on the Protection Motivation Theory (PMT), is proposed and evaluated using data collected from an online survey of 222 respondents from a Higher Education institution. Data analysis was performed using Partial Least Squares Structural Equation Modelling (PLS-SEM). The results confirm the applicability of PMT in the security context. Respondents’ behavioural intention, perceived threat vulnerability, response cost, response efficacy, security habits, and subjective norm predicted self-reported security behaviour. In contrast, environmental uncertainty, attitude towards policy compliance, self-efficacy and perceived threat severity did not significantly impact behavioural intention. The results show that respondents were able to cope with environmental uncertainty and maintain security behaviour.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Domínguez, C.M.F., Ramaswamy, M., Martinez, E.M., Cleal, M.G.: A framework for information security awareness programs. Issues Inf. Syst. 11(1), 402–409 (2010)
Beautement, A., Sasse, M.A., Wonham, M.: The compliance budget: managing security behaviour in organisations. In: Proceedings of the 2008 New Security Paradigms Workshop, pp. 47–58 (2008)
Naidoo, R.: A multi-level influence model of COVID-19 themed cybercrime. Eur. J. Inf. Syst. 29(3), 306–321 (2020)
Pattinson, M., Parsons, K., Butavicius, M., McCormac, A., Calic, D.: Assessing information security attitudes: a comparison of two studies. Inf. Comput. Secur. 24(2), 228–240 (2016)
Rupere, T., Muhonde, M.: Towards minizing human factors in end-user information security (2012)
Nasir, A., Arshah, R.A., Ab Hamid, M.R.: The significance of main constructs of theory of planned behavior in recent information security policy compliance behavior study: a comparison among top three behavioral theories. Int. J. Eng. Technol. 7(2.29), 737–741 (2018)
Dang-Pham, D., Pittayachawan, S., Bruno, V.: Why employees share information security advice? Exploring the contributing factors and structural patterns of security advice sharing in the workplace. Comput. Hum. Behav. 67, 196–206 (2017)
Tsai, H.S., Jiang, M., Alhabash, S., LaRose, R., Rifon, N.J., Cotten, S.R.: Understanding online safety behaviors: a protection motivation theory perspective. Comput. Secur. 59, 138–150 (2016)
Holmes, M., Ophoff, J.: Online security behaviour: factors influencing intention to adopt two-factor authentication. In: 14th International Conference on Cyber Warfare and Security, ICCWS 2019, p. 123 (2019)
Moletsane, T., Tsibolane, P.: Mobile information security awareness among students in higher education: an exploratory study. In: 2020 Conference on Information Communications Technology and Society (ICTAS), pp. 1–6. IEEE (2020)
Maddux, J.E., Rogers, R.W.: Protection motivation and self-efficacy: a revised theory of fear appeals and attitude change. J. Exp. Soc. Psychol. 19(5), 469–479 (1983)
Yoon, C., Hwang, J.W., Kim, R.: Exploring factors that influence students’ behaviors in information security. J. Inf. Syst. Educ. 23(4), 407–416 (2012)
Tu, Z., Yuan, Y., Archer, N.: Understanding user behaviour in coping with security threats of mobile device loss and theft. Int. J. Mob. Commun. 12(6), 603–623 (2014)
Yoon, C., Kim, H.: Understanding computer security behavioral intention in the workplace. Inf. Technol. People (2013)
Srisawang, S., Thongmak, M., Ngarmyarn, A.: Factors affecting computer crime protection behavior. In: PACIS, p. 31 (2015)
Ajzen, I.: The theory of planned behavior. Organ. Behav. Hum. Decis. Process. 50(2), 179–211 (1991)
Chen, Y., Zahedi, F.M.: Individuals’ internet security perceptions and behaviors: polycontextual contrasts between the United States and China. MIS Q. 40(1), 205–222 (2016)
Safa, N.S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N.A., Herawan, T.: Information security conscious care behaviour formation in organizations. Comput. Secur. 53, 65–78 (2015)
Johnston, A.C., Warkentin, M.: Fear appeals and information security behaviors: An empirical study. MIS Q. 34(3), 549–566 (2010)
Cheng, L., Li, Y., Li, W., Holm, E., Zhai, Q.: Understanding the violation of IS security policy in organizations: an integrated model based on social control and deterrence theory. Comput. Secur. 39, 447–459 (2013)
Williams, A.S., Maharaj, M.S., Ojo, A.I.: Employee behavioural factors and information security standard compliance in Nigeria banks. Int. J. Comput. Digit. Syst. 8(04), 387–396 (2019)
Rogers, R.W.: A protection motivation theory of fear appeals and attitude change1. J. Psychol. 91(1), 93–114 (1975)
Foltz, C.B., Newkirk, H.E., Schwager, P.H.: An empirical investigation of factors that influence individual behavior toward changing social networking security settings. J. Theor. Appl. Electron. Commer. Res. 11(2), 1–15 (2016)
Ifinedo, P.: Information systems security policy compliance: an empirical study of the effects of socialisation, influence, and cognition. Inf. Manag. 51(1), 69–79 (2014)
Workman, M., Bommer, W.H., Straub, D.: Security lapses and the omission of information security measures: a threat control model and empirical test. Comput. Hum. Behav. 24(6), 2799–2816 (2008)
Limayem, M., Khalifa, M., Chin, W.W.: Factors motivating software piracy: a longitudinal study. IEEE Trans. Eng. Manag. 51(4), 414–425 (2004)
Milliken, F.J.: Three types of perceived uncertainty about the environment: state, effect, and response uncertainty. Acad. Manag. Rev. 12(1), 133–143 (1987)
Straub, D.W.: Validating instruments in MIS research. MIS Q. 13(2), 147–169 (1989)
Woon, I., Tan, G.W., Low, R.: A protection motivation theory approach to home wireless security (2005)
Ng, B.Y., Xu, Y.: Studying users’ computer security behavior using the Health Belief Model. In: PACIS 2007 Proceedings, p. 45 (2007)
Chen, X., Zhang, X.: How environmental uncertainty moderates the effect of relative advantage and perceived credibility on the adoption of mobile health services by Chinese organizations in the big data era. Int. J. Telemed. Appl. 2016 (2016)
Pavlou, P.A., Liang, H., Xue, Y.: Understanding and mitigating uncertainty in online exchange relationships: a principal-agent perspective. MIS Q. 31(1), 105–136 (2007)
Kautondokwa, P.: Factors that motivate end-user security behaviour in higher education: a study of UCT during COVID-19. Department of Information Systems, University of Cape Town, South Africa (2020). Unpublished Honours Project
Hair, J.F., Jr., Hult, G.T.M., Ringle, C., Sarstedt, M.: A Primer on Partial Least Squares Structural Equation Modeling (PLS-SEM). Sage Publications, Los Angeles (2016)
Henseler, J., Ringle, C.M., Sarstedt, M.: A new criterion for assessing discriminant validity in variance-based structural equation modeling. J. Acad. Mark. Sci. 43(1), 115–135 (2014). https://doi.org/10.1007/s11747-014-0403-8
Hair, J.F., Risher, J.J., Sarstedt, M., Ringle, C.M.: When to use and how to report the results of PLS-SEM. Eur. Bus. Rev. (2019)
Martens, M., De Wolf, R., De Marez, L.: Investigating and comparing the predictors of the intention towards taking security measures against malware, scams and cybercrime in general. Comput. Hum. Behav. 92, 139–150 (2019)
Sharma, P., Leung, T.Y., Kingshott, R.P., Davcik, N.S., Cardinali, S.: Managing uncertainty during a global pandemic: an international business perspective. J. Bus. Res. 116, 188–192 (2020)
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
A Appendix
A Appendix
Rights and permissions
Copyright information
© 2021 IFIP International Federation for Information Processing
About this paper
Cite this paper
Kautondokwa, P., Ruhwanya, Z., Ophoff, J. (2021). Environmental Uncertainty and End-User Security Behaviour: A Study During the COVID-19 Pandemic. In: Drevin, L., Miloslavskaya, N., Leung, W.S., von Solms, S. (eds) Information Security Education for Cyber Resilience. WISE 2021. IFIP Advances in Information and Communication Technology, vol 615. Springer, Cham. https://doi.org/10.1007/978-3-030-80865-5_8
Download citation
DOI: https://doi.org/10.1007/978-3-030-80865-5_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-80864-8
Online ISBN: 978-3-030-80865-5
eBook Packages: Computer ScienceComputer Science (R0)
