"Can Secure Behaviors Be Contagious? A Two-Stage Investigation of the Influence of Herd Behavior on Security Decisions "

Abstract

IT users often make information security-related decisions in complex and multidimensional environments, which could lead to phenomena like behavioral anomalies. For instance, under uncertain circumstances, users may discount their own limited information about a security technology and make their adoption decisions based on what the majority of users’ decisions are in this regard. In this context, imitation can become a legitimate and rational strategy for making security-related decisions. Current behavioral security theories generally assume that users possess sufficient information about security technologies before making security-related decisions. This theory assumption limits our understanding of how security decisions are made in various real-world circumstances. Our research is focused on security behaviors under uncertain circumstances. We investigate how providing popularity information can trigger herd behavior and can subsequently influence security behaviors. We also provide insights into security-related decisions that are influenced by herd mentality and investigate whether they persist over time. Additionally, we conceptualize and operationalize two constructs that can be used in future research to better examine post-adoption security behaviors. The findings of this multistage experiment show that in uncertain circumstances, when users are aware of the widespread use of a certain security technology, they develop a significantly higher intention to engage in protection-motivated behaviors. Furthermore, the results show that at the post-adoption stage, users rely more heavily on their own information about their continuous use of security technologies and put less emphasis on herd-related factors.