Abstract
Self-efficacy is the most frequently examined attribute in the adoption of Information Systems (IS) security innovations. Yet, the role of self-efficacy in the adoption of IS security innovations is ambiguous. The empirical studies that examined the factor have produced mixed and inconsistent results. Through a meta-analysis of 59 extant research, the study aggregated findings of the past research that examined the effect of self-efficacy and the adoption of IS security innovations. The results of this meta-analysis confirmed the significance of self-efficacy for the adoption of IS security innovations. The findings suggest that individuals with stronger self-confidence for tackling IS security threats are more likely to adopt IS security innovation. Through a meta-analysis moderator effect examination, the study further demonstrates that some research conditions may influence the outcome of the relationship between self-efficacy and the adoption of IS security innovations. The conclusion is that those who are in charge of IS security management in organizations should target increasing employee’s self-efficacy.
Similar content being viewed by others
References
Adhikari K, Panda RK (2018) Users’ information privacy concerns and privacy protection behaviors in social networks. J Glob Mark 31(2):96–110
Alshboul A (2010) Information systems security measures and countermeasures: protecting organizational assets from malicious attacks. Communications of the IBIMA, pp 9p
Anderson CL, Agarwal R (2010) Practicing safe computing: a multimedia empirical examination of home computer user security behavioral intentions. MIS Q 34(3):613–643
Arachchilage NAG, Hameed MA (2017) Integrating self-efficacy into a gamified approach to thwart phishing attacks. In: The Proceedings of 5th International Conference on Cybercrime and Computer Forensics (ICCCF)
Arachchilage NAG, Love S (2014) Security awareness of computer users: a phishing threat avoidance perspective. Comput Hum Behav 38:304–312
Aurigemma S, Mattson T (2014) Do it OR ELSE! Exploring the effectiveness of deterrence on employee compliance with information security policies. In: The Proceeding of the 20th Americas Conference on Information Systems AMCIS - 2014
Aurigemma S, Mattson T (2018) Exploring the effect of uncertainty avoidance on taking voluntary protective security actions. Comput Secur 73:219–234
Aurigemma S, Mattson T, Leonard LNK (2019) Evaluating the core and full protection motivation theory nomologies for the voluntary adoption of password manager applications. AIS Trans Replication Res 5:1–21
Bandura A (1977) Self-efficacy: the exercise of control. W. H. Freeman and Company, New York
Baron RM, Kenny DA (1986) The moderator–mediator variable distinction in social psychological research: conceptual, strategic and statistical considerations. J Pers Soc Psychol 51(6):1173–1182
Bélanger F, Collignon S, Enget K, Negangard E (2017) Determinants of early conformance with information security policies. Inf Manag 54:887–901
Boerman SC, Kruikemeier S, Borgesius FJZ (2018) Exploring motivations for online privacy protection behavior: insights from panel data. Commun Res 45(8):1103–1121
Bulgurcu B, Cavusoglu H, Benbasat I (2010) Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Q 34(3):523–555
Burns AJ, Posey C, Tom L, Roberts TL, Lowry PB (2017) Examining the relationship of organizational insiders’ psychological capital with information security threat and coping appraisals. Comput Hum Behav 68:190–209
Chan M, Woon IMY, Kankanhalli A (2005) Perceptions of information security at the workplace: linking information security climate to compliant behavior. J Inf Privacy Secur 1(3):18–41
Chaoguang H, Feicheng M, Yifei Q, Yuchao W (2018) Exploring the determinants of health knowledge adoption in social media: an intention-behavior-gap perspective. Inf Dev 34(4):346–363
Chenoweth T, Gattiker T, Corral K (2019) Adaptive and maladaptive coping with an it threat information systems management. 36(1):24–39
Cho V, Ip WH (2018) A study of BYOD adoption from the lens of threat and coping appraisal of its security policy. Enterp Inf Syst 12(6):659–673
Chou H, Chou C (2016) An analysis of multiple factors relating to teachers’ problematic information security behavior. Comput Hum Behav 65:334–345
Cohen J (1988) Statistical power analysis for the behavioral sciences. (2nd ed.). Hillsdale, NJ
Compeau DR, Higgins CA (1995) Computer self-efficacy: development of a measure and initial test. MIS Q 19(2):189–211
Cooper HM, Hedges LV, Valentine JC (2009) The handbook of research synthesis and meta-analysis, 2nd edn. Russell Sage Foundation, New York
Cox J (2012) Information systems user security: a structured model of the knowing-doing gap. Comput Hum Behav 28:1849–1858
Crossler RE, Johnston AC, Lowry PB, Hu Q, Warkentin M, Baskerville R (2013) Future directions for behavioral information security research. Comput Secur 32:90–101
Dinev T, Goo J, Hu Q, Nam K (2009) User behaviour towards protective information technologies: the role of national cultural differences. Inf Syst J 19:391–412
Duval SJ (2005) The trim and fill method. In: Rothstein HR, Sutton AJ, Borenstein M (eds) Publication bias in meta-analysis: prevention, assessment, and adjustments. Wiley, Chichester, pp 127–144
Feruza YS, Kim T (2007) IT security review: privacy, protection, access control, assurance and system security. Int J Multimedia Ubiquitous Eng 2(2):17–32
Glass GV, McGaw B, Smith ML (1981) Meta-analysis in social research. SAGE, Beverly Hills, CA
Grimes M, Marquardson J (2019) Quality matters: evoking subjective norms and coping appraisals by system design to increase security intentions. Decis Support Syst 119:23–34
Guzzo RA, Jackson SE, Katzell RA (1987) Meta-analysis analysis. Res Organ Behav 9:407–442
Hameed MA, Arachchilage NAG (2018) Understanding the influence of individual’s self-efficacy for information systems security innovation adoption: a systematic literature review. In: The Proceeding of the17th Australian Cyber Warfare Conference (CWAR), arxiv.org/abs/1809.10890
Hameed MA, Counsell S (2014) Establishing relationship between innovation characteristics and IT innovation adoption in organizations: a meta-analysis approach. Int J Innov Manag 18(1):41
Hameed MA, Counsell S, Swift S (2012) A meta-analysis of relationships between organizational characteristics and IT innovation adoption in organizations. Inf Manag 49(5):218–232
Hanus B, Wu YA (2016) Impact of users’ security awareness on desktop security behavior: a protection motivation theory perspective. Inf Syst Manag 33(1):2–16
Hearth T, Rao HR (2009) Protection motivation and deterrence: a framework for security policy compliance in organizations. Eur J Inf Syst 18(2):106–125
Herath T, Chen R, Wang J, Banjara K, Wilbur J, Rao HR (2014) Security services as coping mechanisms: an investigation into user intention to adopt an email authentication service. Inf Syst J 24(1):61–84
Hu WW (2010) Self-efficacy and individual knowledge sharing. In: The Proceeding of the 3rd International Conference on Information Management, Innovation Management and Industrial Engineering
Hunter JE, Schmidt FL, Jackson GB (1982) Meta-analysis. Sage, Beverly Hills, CA
Ifinedo P (2012) Understanding information systems security policy compliance: an integration of the theory of planned behaviour and the protection motivation theory. Comput Secur 31:83–95
Ifinedo P (2014) Information systems security policy compliance: an empirical study of the effects of socialisation, influence, and cognition. Inf Manag 51(1):69–79
Ioannidis JPA (2005) Why most published research findings are false. PLoS Med 2(8):e124. https://doi.org/10.1371/journal.pmed.0020124
Jansen J, Van Schaik P (2018) Testing a model of precautionary online behaviour: the case of online banking. Comput Hum Behav 87:371–383
Jansen J, Van Schaik P (2019) The design and evaluation of a theory-based intervention to promote security behaviour against phishing. Int J Hum Comput Stud 123:40–55
Johnston AC, Warkentin M (2010) Fear appeal and information security behaviors: an empirical study. MIS Q 34(3):549–566
Keele S (2007) Guidelines for performing systematic literature reviews in software engineering. In: Technical report, Ver. 2.3 EBSE Technical Report. EBSE
King WR, He J (2005) Understanding the role and methods of meta-analysis in IS research. Commun Assoc Inf Syst 16:665–686
Kitchenham B (2004) Procedures for performing systematic reviews. Keele University, UK. University Technical Report Citeseer, Vol. 33
Koricheva J, Gurevitch J, Mengersen K (2013) Handbook of meta-analysis in ecology and evolution. Princeton University Press, New Jersey
Lai F, Li D, Hsieh C (2012) Fighting identity theft: the coping perspective. Decis Support Syst 52:353–363
Lebek B, Uffen J, Neumann M, Hohler B, Breitner MH (2014) Information security awareness and behavior: a theory-based literature review. Manag Res Rev 37(12):1049–1092
Lee Y, Larsen KR (2009) Threat or coping appraisal: determinants of SMB executive’s decision to adopt anti-malware software. Eur J Inf Syst 18(2):177–187
Lee G, Xia W (2006) Organizational size and IT innovation adoption: a meta-analysis. Inf Manag 43(8):975–985
Lee Y, Lee JY, Liu Y (2007) Protection motivation theory in information system adoption: a case of anti-plagiarism system. In: The Proceedings of Americas Conference on Information Systems 2007
Lee D, Larose R, Rifon N (2008) Keeping our network safe: a model of online protection behaviour. Behav Inform Technol 27(5):445–454
Li Y, Wang J, Rao HR (2017) Adoption of identity protection service: an integrated protection motivation - precaution adoption process model. In: The Proceedings of Twenty-third Americas Conference on Information Systems 2017
Li L, H W, Xu L, Ash I, Anwar M, Yuan X (2019) Investigating the impact of cybersecurity policy awareness on employees’ cybersecurity behavior. Int J Inf Manag 45:13–24
Liang H, Xue Y (2010) Understanding security behaviors in personal computer usage: a threat avoidance perspective. J Assoc Inf Syst 11(7):394–414
Lipsey M, Wilson D (2001) Practical meta-analysis. Sage, Thousand Oaks
Lui SM, Hui W (2011) The effects of knowledge on security technology adoption: results from a quasi-experiment. In: The Proceedings of the 5th International Conference on New Trends in Information Science and Service Science
Malhotra MK, Grover V (1998) An assessment of survey research in POM: from constructs to theory. J Oper Manag 16:407–425
Marett K, Harris RB, McNab AL (2011) Social networking websites and posting personal information: an evaluation of protection motivation theory. Trans Hum Comput Interact 3(3):170–189
Mathieu JE, Zajac DM (1990) A review and meta-analysis of the antecedents, correlates, and consequences of organizational commitment. Psychol Bull 108(2):171–194
Mayer P, Kunz A, Volkamer M (2017) Reliable behavioural factors in the information security context. In: The Proceedings of the 12th International Conference on Availability, Reliability and Security
Meso P, Ding Y, Xu S (2013) Applying protection motivation theory to information security training for college students. J Inf Privacy Secur 9(1):47–67
Mohamed N, Ahmad I (2012) Information privacy concerns, antecedents and privacy measure use in social networking sites: evidence from Malaysia. Comput Hum Behav 28:2366–2375
Mwagwabi F, McGill T, Dixon M (2018) Short-term and long-term effects of fear appeals in improving compliance with password guidelines. Commun Assoc Inf Syst 42:147–182
Ng BY, Kankanhalli A, Xu Y (2009) Studying users’ computer security behavior using the health belief model. Decis Support Syst 46(4):815–825
Okoli C (2015) A guide to conducting a standalone systematic literature review. Commun Assoc Inf Syst 37(43):879–910
Pahnila S, Siponen M, Mahmood MA (2007) Employee’s behavior towards IS security policy compliance. In: The Proceedings of 40th Hawaii International Conference on System Sciences, p 1561
Peters LH, Hartke DD, Pohlmann JT (1985) Fiedler’s contingency theory of leadership: an application of the meta-analysis procedures of Schmidt and Hunter. Psychol Bull 97:274–285
Peterson RA (2001) On the use of college students in social research: insights from a second-order meta-analysis. J Consum Res 28:450–461
Peterson RA, Merunka DR (2014) Convenience samples of college students and research reproducibility. J Bus Res 67:1035–1041
Rajab M, Eydgahi A (2019) Evaluating the explanatory power of theoretical frameworks on intention to comply with information security policies in higher education. Comput Secur 80:211–223
Rhee H, Kim C, Ryuc YC (2009) Self-efficacy in information security: its influence on end users’ information security practice behaviour. Comput Secur 28:816–826
Rogers RW (1983) Cognitive and physiological processes in fear appeals and attitude change: a revised theory of protection motivation. In: Cacioppo J, Petty R (eds) Social Psychophysiology. Guilford Press, New York, pp 153–176
Rosenthal R (1984) Meta-analytic procedures for social research. SAGE Publication, London
Rosenthal R, DiMatteo MR (2001) Meta-analysis: recent developments in quantitative methods for literature reviews. Annu Rev Psychol 52:59–82
Sher M, Talley PC, Yang C, Kuo K (2017) Compliance with electronic medical records privacy policy: an empirical investigation of hospital information technology staff. J Health Care Organ Provision Financ 54:1–12
Siponen MT, Pahnila S, Mahmood A (2007) Employees’ adherence to information security policies: an empirical study. In: The Proceedings of the International Federation for Information Processing IFIP SEC 2007 Conference 2007
Siponen M, Mahmood MA, Pahnila S (2014) Employees’ adherence to information security policies: an exploratory feld study. Inf Manag 51:217–224
Sommestad T, Hallberg J, Lundholm K, Bengtsson J (2014) Variables influencing information security policy compliance. Inf Manag Comput Secur 22(1):42–75
Son JY (2011) Out of fear or desire? Toward a better understanding of employees’ motivation to follow IS security policies. Inf Manag 48(7):296–302
Stanton J, Stam K, Mastrangelo P, Jolton J (2005) Analysis of end user security behaviors. Comput Secur 24(2):124–133
Sun JC, Yu S, Lin SSJ, Tseng S (2016) The mediating effect of anti-phishing self-efficacy between college students’ Internet self-efficacy and anti-phishing behavior and gender difference. Comput Hum Behav 59:249–257
Tamjidyamcholo A, Baba, MSB, Gholipour R, Yamchello HT (2013a) Information security professional perceptions of knowledge-sharing intention in virtual communities under social cognitive theory. In: The Proceedings of the 3rd International Conference on Research and Innovation in Information Systems–2013
Tamjidyamcholo A, Baba MSB, Tamjid H, Gholipour R (2013b) Information security - professional perceptions of knowledge-sharing intention under self-efficacy, trust, reciprocity, and shared-language. Comput Educ 68:223–232
Thompson N, McGill TJ, Wan X (2017) Security begins at home: determinants of home computer and mobile device security behaviour. Comput Secur 70:376–391
Torkzadeh R, Pflughoeft K, Hall L (1999) Computer self-efficacy, training effectiveness and user attitudes. An empirical study. Behav Inform Technol 18(4):299–309
Tsai HYS, Jiang M, Alhabash S, LaRose R, Rifon NJ, Cotten SR (2016) Understanding online safety behaviors: a protection motivation theory perspective. Comput Secur 59:138–150
Tu CZ, Adkins J, Zhao GY (2018) Complying with BYOD security policies: a moderation model. In: The Proceedings of the Midwest United States Association for Information Systems 2018. http://aisel.aisnet.org/mwais2018/25
Vance A, Siponen M, Pahnila S (2012) Motivating IS security compliance: insights from habit and protection motivation theory. Inf Manag 49:190–198
Verkijika SF (2018) Understanding smartphone security behaviors: an extension of the protection motivation theory with anticipated regret. Comput Secur 77:860–870
Warkentin M, Johnston AC, Shropshire J, Barnett WD (2016) Continuance of protective security behavior: a longitudinal study. Decis Support Syst 92:25–35
Wei L, Zhang M (2008) The impact of Internet knowledge on college students’ intention to continue to use the Internet. Inf Res 13(3):348
White G, Ekin T, Visinescu L (2017) Analysis of protective behavior and security incidents for home computers. J Comput Inf Syst 57(4):353–363
Workman M, Bommer W, Straub D (2008) Security lapses and the omission of information security measures: a threat control model and empirical test. Comput Hum Behav 24:2799–2816
Yoon C, Hwang JW, Kim R (2012) Exploring factors that influence students’ behaviors in information security. J Inf Syst Educ 23(4):407–417
Zhang X, Liu S, Chen X, Wang L, Gao B, Zhu Q (2018) Health information privacy concerns, antecedents, and information disclosure intention in online health communities. Inf Manag 55:482–493
Zmud RW (1982) Diffusion of modern software practices: influence of centralization and formalization. Manag Sci 28(12):1421–1431
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Appendix
Appendix
Study | Innovation | SAM SIZ | TYP INN | SAM SUB | COR VAL |
---|---|---|---|---|---|
[1] Adhikari and Panda (2018) | IS privacy | 306 | PRC | SDT | 0.503 |
[3] Anderson and Agarwal (2010) | IS security (computer) | 594 | PRD | NSDT | 0.440 |
[3] Anderson and Agarwal (2010) | IS security (Internet) | 101 | PRD | NSDT | 0.380 |
[7] Aurigemma and Mattson (2018) | IS security | 239 | PRD | NSDT | 0.265 |
[6] Aurigemma and Mattson (2014) | IS security | 227 | PRD | NSDT | 0.451 |
[8] Aurigemma et al. (2019) | IS security | 283 | PRD | SDT | 0.457 |
[11] Bélanger et al. (2017) | IS security | 535 | PRC | SDT | 0.354 |
[12] Boerman et al. (2018) | IS privacy | 928 | PRC | SDT | 0.130 |
[13] Bulgurcu et al. (2010) | IS security | 464 | PRC | NSDT | 0.395 |
[14] Burns et al. (2017) | IS security | 377 | PRC | NSDT | 0.190 |
[15] Chan et al. (2005) | IS security | 104 | PRC | NSDT | 0.400 |
[16] Chaoguang et al. (2018) | IS security | 355 | PRD | NSDT | 0.366 |
[17] Chenoweth et al. (2019) | IS security | 202 | PRD | NSDT | 0.310 |
[18] Cho and Ip (2018) | IS security | 418 | PRC | NSDT | 0.265 |
[19] Chou and Chou (2016) | IS security | 505 | PRD | NSDT | 0.050 |
[23] Cox, J. (2012) | IS security | 106 | PRC | NSDT | 0.430 |
[25] Dinev et al. (2009) | IS security | 332 | PRD | SDT | 0.390 |
[25] Dinev et al. (2009) | IS security | 227 | PRD | SDT | 0.350 |
[29] Grimes and Marquardson (2019) | IS security | 169 | PRC | NSDT | 0.420 |
[34] Hanus and Wu (2016) | IS security | 229 | PRC | SDT | 0.650 |
[36] Herath et al. (2014) | Email authentication | 134 | PRD | SDT | -0.080 |
[35] Herath and Rao (2009) | IS security | 134 | PRC | NSDT | 0.510 |
[39] Ifinedo (2012) | IS security | 124 | PRC | NSDT | 0.320 |
[40] Ifinedo (2014) | IS security | 124 | PRC | NSDT | 0.240 |
[42] Jansen and Van Schaik (2018) | Online security | 1200 | PRD | NSDT | 0.650 |
[43] Jansen and Van Schaik (2019) | Anti-phishing | 512 | PRD | NSDT | 0.700 |
[44] Johnston and Warkentin (2010) | IS security | 215 | PRD | NSDT | 0.342 |
[49] Lai et al. (2012) | Identity theft | 117 | PRC | SDT | −0.186 |
[54] Lee et al. (2008) | Anti-virus | 273 | PRD | SDT | 0.600 |
[56] Li et al. (2019) | Cyber security | 579 | PRC | NSDT | 0.450 |
[55] Li et al. (2017) | IS security | 616 | PRD | NSDT | 0.320 |
[57] Liang and Xue (2010) | IS security | 152 | PRD | SDT | 0.283 |
[59] Lui and Hui (2011) | IS security | 752 | PRD | SDT | 0.082 |
[61] Marett et al. (2011) | IS security | 522 | PRC | SDT | 0.510 |
[64] Meso et al. (2013) | IS security | 77 | PRD | SDT | 0.784 |
[65] Mohamed and Ahmad (2012) | IS privacy | 340 | PRC | SDT | 0.419 |
[66] Mwagwabi et al. (2018) | IS security | 194 | PRC | NSDT | 0.274 |
[67] Ng et al. (2009) | IS security | 134 | PRD | NSDT | 0.400 |
[73] Rajab and Eydgahi (2019) | IS security | 206 | PRC | NSDT | 0.192 |
[74] Rhee et al. (2009) | IS security | 415 | PRC | SDT | 0.363 |
[78] Sher et al. (2017) | IS security | 310 | PRC | NSDT | 0.230 |
[80] Siponen et al. (2014) | IS security | 669 | PRC | NSDT | 0.243 |
[79] Siponen et al. (2007) | IS security | 917 | PRC | NSDT | 0.407 |
[82] Son (2011) | IS security | 602 | PRC | NSDT | 0.230 |
[84] Sun et al. (2016) | Anti-phishing | 411 | PRD | SDT | 0.520 |
[84] Sun et al. (2016) | Internet | 411 | PRD | SDT | 0.450 |
[85] Tamjidyamcholo et al. (2013a) | IS security | 138 | PRC | NSDT | 0.566 |
[86] Tamjidyamcholo et al. (2013b) | Information knowledge | 138 | PRC | SDT | 0.565 |
[87] Thompson et al. (2017) | Home computer | 322 | PRD | NSDT | 0.350 |
[87] Thompson et al. (2017) | Mobile device | 307 | PRD | NSDT | 0.450 |
[89] Tsai et al. (2016) | Online security | 988 | PRC | NSDT | 0.260 |
[90] Tu et al. (2018) | IS security | 122 | PRC | NSDT | 0.730 |
[91] Vance et al. (2012) | IS security | 210 | PRC | NSDT | 0.470 |
[92] Verkijika (2018) | Smart phone | 385 | PRD | NSDT | 0.306 |
[93] Warkentin et al. (2016) | IS security | 253 | PRD | SDT | 0.888 |
[94] Wei and Zhang (2008) | Internet knowledge | 279 | PRC | SDT | 0.320 |
[95] White et al. (2017) | IS security | 945 | PRD | NSDT | 0.062 |
[97] Yoon et al. (2012) | IS security | 202 | PRC | SDT | 0.100 |
[98] Zhang et al. (2018) | IS privacy | 337 | PRC | NSDT | 0.449 |
Rights and permissions
About this article
Cite this article
Hameed, M.A., Arachchilage, N.A.G. The role of self-efficacy on the adoption of information systems security innovations: a meta-analysis assessment. Pers Ubiquit Comput 25, 911–925 (2021). https://doi.org/10.1007/s00779-021-01560-1
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00779-021-01560-1