Although firms are expending substantial resources to develop technology and processes that can help safeguard the security of their computing assets, increased attention is being focused on the role people play in maintaining a safe computing environment. Unlike employees in a work setting, home users are not subject to training, nor are they protected by a technical staff dedicated to keeping security software and hardware current. Thus, with over one billion people with access to the Internet, individual home computer users represent a significant point of weakness in achieving the security of the cyber infrastructure. We study the phenomenon of conscientious cybercitizens, defined as individuals who are motivated to take the necessary precautions under their direct control to secure their own computer and the Internet in a home setting. Using a multidisciplinary, phased approach, we develop a conceptual model of the conscientious cybercitizen. We present results from two studies-a survey and an experiment-conducted to understand the drivers of intentions to perform security-related behavior, and the interventions that can positively influence these drivers. In the first study, we use protection motivation theory as the underlying conceptual foundation and extend the theory by drawing upon the public goods literature and the concept of psychological ownership. Results from a survey of 594 home computer users from a wide range of demographic and socio-economic backgrounds suggest that a home computer user's intention to perform security-related behavior is influenced by a combination of cognitive, social, and psychological components. In the second study, we draw upon the concepts of goal framing and self-view to examine how the proximal drivers of intentions to perform security-related behavior identified in the first study can be influenced by appropriate messaging. An experiment with 101 subjects is used to test the research hypotheses. Overall, the two studies shed important new light on creating more conscientious cybercitizens. Theoretical and practical implications of the findings are discussed.
Read full abstract