Abstract
ABSTRACT Organisations face growing IT security risks with substantial consequences for missteps in business continuity, data loss, reputational harm, and future competitive advantage. To improve precaution-taking among organisation members, leaders frequently turn to susceptibility claims embedded in security education, training, and awareness (SETA) initiatives to motivate change. However, prior studies have produced mixed empirical results concerning the role of susceptibility in motivating precaution-taking. To deepen theorising about using susceptibility claims to change behaviour, we argue that threat characteristics (overt versus furtive attacks) shape individuals’ attitudes of the threat, and these attitudes subsequently anchor how individuals respond to new claims about the threats. We introduce social judgement theory (SJT) to argue that when individuals participate in SETA initiatives, susceptibility claims that are too distant from individuals’ existing attitudes will be ignored, while claims that are more proximal are more likely to be accepted and result in behaviour change. Using a longitudinal field experiment, we found that susceptibility claims motivated precaution taking against phishing (overt attack) but did not against password cracking (furtive attack). These results support SJT predictions and imply latitudes of acceptability and rejection into which susceptibility claims are placed. Implications for researchers, organisation leaders, and SETA developers are discussed.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.