TY - JOUR
T1 - Protecting Against Threats to Information Security
T2 - An Attitudinal Ambivalence Perspective
AU - Ng, Ka Chung
AU - Zhang, Xiaojun
AU - Thong, James Y.L.
AU - Tam, Kar Yan
N1 - Funding Information:
This project was partially funded by the Theme-based Research Grant on Fintech (T31-608/18N) of the Research Grant Council of Hong Kong. The authors thank the associate editor, reviewers, and Editor-in-Chief for their constructive comments on earlier versions of this paper.
Publisher Copyright:
© 2021 The Author(s). Published with license by Taylor & Francis Group, LLC.
PY - 2021/12/7
Y1 - 2021/12/7
N2 - A popular information security-related motivation theory is the Protection Motivation Theory (PMT) that has been studied extensively in many information security contexts with promising results. However, prior studies have found inconsistent findings regarding the relationships within PMT. To shed light on these inconsistent findings, we introduce the attitudinal ambivalence theory to open the black box within PMT. We tested our model on data collect ed from 1,383 individuals facing potential cyberattacks of their emails in a field experiment. The results of polynomial regression with response surface analysis showed that attitudinal ambivalence is generated from the opposition between an individual’s evaluations of maladaptive rewards and social norms (i.e., descriptive norm and subjective norm). This attitudinal ambivalence, in turn, affects individuals’ evaluations of their coping appraisal process and protection motivation, and ultimately protection behavior. We discuss the theoretical and managerial implications of identifying the determinants and outcomes of attitudinal ambivalence in the information security context. From a theoretical standpoint, our work contributes to the information security literature by incorporating attitudinal ambivalence, which arises from the intrapersonal and interpersonal appraisal processes, into PMT. From a practical standpoint, our work provides insights into designing effective fear appeals to avoid triggering attitudinal ambivalence and thus encouraging adoption of security protection behavior.
AB - A popular information security-related motivation theory is the Protection Motivation Theory (PMT) that has been studied extensively in many information security contexts with promising results. However, prior studies have found inconsistent findings regarding the relationships within PMT. To shed light on these inconsistent findings, we introduce the attitudinal ambivalence theory to open the black box within PMT. We tested our model on data collect ed from 1,383 individuals facing potential cyberattacks of their emails in a field experiment. The results of polynomial regression with response surface analysis showed that attitudinal ambivalence is generated from the opposition between an individual’s evaluations of maladaptive rewards and social norms (i.e., descriptive norm and subjective norm). This attitudinal ambivalence, in turn, affects individuals’ evaluations of their coping appraisal process and protection motivation, and ultimately protection behavior. We discuss the theoretical and managerial implications of identifying the determinants and outcomes of attitudinal ambivalence in the information security context. From a theoretical standpoint, our work contributes to the information security literature by incorporating attitudinal ambivalence, which arises from the intrapersonal and interpersonal appraisal processes, into PMT. From a practical standpoint, our work provides insights into designing effective fear appeals to avoid triggering attitudinal ambivalence and thus encouraging adoption of security protection behavior.
KW - attitudinal ambivalence theory
KW - cybersecurity
KW - information security
KW - maladaptive rewards
KW - polynomial regression
KW - protection motivation theory
KW - response surface analysis
KW - security breaches
KW - social norms
KW - two-factor authentication
UR - http://www.scopus.com/inward/record.url?scp=85120964219&partnerID=8YFLogxK
U2 - 10.1080/07421222.2021.1962601
DO - 10.1080/07421222.2021.1962601
M3 - Journal article
AN - SCOPUS:85120964219
SN - 0742-1222
VL - 38
SP - 732
EP - 764
JO - Journal of Management Information Systems
JF - Journal of Management Information Systems
IS - 3
ER -