Students’ computers safety behaviors, under effects of cognition and socialization: when gender and job experience influence information security behaviors

Abstract

Uses of digital technologies are spreading and the damage to information assets is increasing, making the adoption of information security (IS) behaviors, a major issue for both individuals and organizations. Although the literature has so far been largely devoted to IS practices in business, a trend in which this research fits, emerges to study the behavior of individuals in their daily lives.Our empirical study focuses on a sample of 430 undergraduate and graduate students, future employees whose practices could extend in enterprises.We propose a second-order hierarchical model using partial least square equation modeling (PLS-SEM), with the objective of measuring the effects of both the Protection Motivation Theory (PMT) and the Social Bond Theory (SBT) on students IS Technologies Awareness (ISTA) and Malware Protection Behavior (MPB).Results show that SBT and PMT exert comparable effects on endogenous variables. More precisely, self-efficacy, response-efficacy, perceived vulnerability, involvement, attachment and personal beliefs, are determinants of IS behaviors. In the one hand, these results vary by gender, making PMT and SBT two complementary theories for analyzing behaviors. On the other hand, effects of PMT are stronger than those of SBT when actors have job experience with a computer. In addition, ISTA partially mediates the influence of PMT and SBT on MPB.This research paper provide an original and interesting comparison of the influence of PMT and SBT on IS behaviors, where both the larger-order construct and its dimensions are considered.Results should be interpreted with caution as we have not taken into account the dimension of fear appeal. Effects of PMT exogenous variables can then be underestimated. Despite this limitation, we show that understanding IS behaviors needs the use of models that take into account gender and diversity of IS experiences. It also underline the importance to study how and why companies’ security practices are spreading to society and vice-versa. We suggest that these first results can be deepened from the perspective of pragmatism.On field, managers should take both cognitive and socialization factors into account to build IS awareness programs. Universities should also value the experience gained by students in organizations in theirs programs.