Where authorities fail and experts excel: Influencing internet users’ compliance intentions

Abstract

Cyber threats continue to rise because Internet users are often unwilling to adopt simple security behaviors. Public security messages sent by leaders could formally and informally influence Internet users to take action to protect themselves from threats. However, scant research has examined how leaders' power or expertise influences Internet users' willingness to comply with requested security behaviors. In this paper, we develop a research model using the bases of power theory and three related theories (social influence theory, psychological reactance theory, and attribution theory) to explain how security messages from authoritative and expert leaders, respectively, shape users' intentions to comply with the recommendations of a security message. Analysis of data gathered in a field experiment suggests that security messages from leaders can have positive and negative consequences. If sent by leaders with formal authority (i.e., those high in coercive power), security messages may backfire because they fail to stimulate security cognitions. In contrast, if sent by expert leaders (i.e., those high in expertise), security messages are more likely to work as intended. Our findings offer insights into how public security messages can be made more effective.