Advanced search
Publication Cover
Behaviour & Information Technology Volume 42, 2023 - Issue 10
Submit an article Journal homepage
639
Views
1
CrossRef citations to date
0
Altmetric
Original Articles

Rushed to crack – On the perceived effectiveness of cybersecurity measures for secure behaviour under time pressure

Noman H. Chowdhurya School of Economics and Management, Xiamen University Malaysia, Sepang, MalaysiaCorrespondence[email protected] [email protected]
ORCID Iconhttps://orcid.org/0000-0003-4209-8950View further author information
ORCID Icon,
Marc T. P. Adamb School of Information and Physical Sciences, The University of Newcastle, Callaghan, AustraliaView further author information
&
Timm Teubnerc Trust in Digital Services, TU Berlin, Berlin, GermanyView further author information
Pages 1568-1589 | Received 04 Mar 2021, Accepted 15 Jun 2022, Published online: 06 Jul 2022

References

  • Abawajy, J. 2014. “User Preference of Cyber Security Awareness Delivery Methods.” Behaviour & Information Technology 33 (3): 237–248.
  • Achtziger, A., and C. Alós-Ferrer. 2014. “Fast or Rational? A Response-Times Study of Bayesian Updating.” Management Science 60 (4): 923–938.
  • Adam, M. T. P., J. Krämer, and M. B. Müller. 2015. “Auction Fever! How Time Pressure and Social Competition Affect Bidders’ Arousal and Bids in Retail Auctions.” Journal of Retailing 91 (3): 468–485.
  • Adam, M. T. P., J. Krämer, and C. Weinhardt. 2012. “Excitement up! Price Down! Measuring Emotions in Dutch Auctions.” International Journal of Electronic Commerce 17 (2): 7–40.
  • Adams-Guppy, J. R., and A. Guppy. 1995. “Speeding in Relation to Perceptions of Risk, Utility and Driving Style by British Company car Drivers.” Ergonomics 38 (12): 2525–2535.
  • Adams, A., and M. A. Sasse. 1999. “Users are not the Enemy.” Communications of the ACM 42 (12): 41–46.
  • Ahmad, A., S. B. Maynard, and S. Park. 2014. “Information Security Strategies: Towards an Organizational Multi-Strategy Perspective.” Journal of Intelligent Manufacturing 25 (2): 357–370.
  • Alvarez, R. M., L. R. Atkeson, I. Levin, and Y. Li. 2006. “Paying Attention to Inattentive Survey Respondents.” Political Analysis 27 (2): 145–162.
  • Amabile, T. M., J. S. Mueller, W. B. Simpson, C. N. Hadley, S. J. Kramer, and L. Fleming. 2002. “Time Pressure and Creativity in Organizations: A Longitudinal Field Study.” In Harvard Business School (Vols. 02–073).
  • Beautement, A., I. Becker, S. Parkin, K. Krol, and A. Sasse. 2016. “Productive Security: A Scalable Methodology for Analysing Employee Security Behaviours.” SOUPS 2019: 253–270.
  • Beautement, A., M. A. Sasse, and M. Wonham. 2008. “The Compliance Budget: Managing Security Behaviour in Organisations.” SOUPS 2008: 47–58.
  • Bednarczuk, N. F., J. M. Bradshaw, S. Y. Mian, E. Papoutselou, S. Mahmoud, K. Ahn, I. Chudenkov, et al. 2020. “Pathophysiological Dissociation of the Interaction Between Time Pressure and Trait Anxiety During Spatial Orientation Judgments.” European Journal of Neuroscience 52 (4): 3215–3222. doi:10.1111/ejn.v52.4.
  • Benjamin, A. S., and F. I. Craik. 2001. “Parallel Effects of Aging and Time Pressure on Memory for Source: Evidence from the Spacing Effect.” Memory & Cognition 29 (5): 691–697.
  • Boss, S. R., and L. J. Kirsch. 2007. “The Last Line of Defense: Motivating Employees to Follow Corporate Security Guidelines.” ICIS 2007 Proceedings, 1–18.
  • Braun, V., and V. Clarke. 2006. “Using Thematic Analysis in Psychology.” Qualitative Research in Psychology 3 (2): 77–101.
  • Buck, R., M. Khan, M. Fagan, and E. Coman. 2018. “The User Affective Experience Scale: A Measure of Emotions Anticipated in Response to pop-up Computer Warnings.” International Journal of Human-Computer Interaction 34 (1): 25–34.
  • Bulgurcu, B., H. Cavusoglu, and I. Benbasat. 2010. “Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness.” MIS Quarterly 34 (3): 523–548.
  • Chen, Y., K. Ramamurthy, and K. W. Wen. 2014. “Organizations’ Information Security Policy Compliance: Stick or Carrot Approach?” Journal of Management Information Systems 29 (3): 157–188. doi:10.2753/MIS0742-1222290305.
  • Chowdhury, N. H., M. T. P. Adam, and G. Skinner. 2018. “The Impact of Time Pressure on Human Cybersecurity Behavior: An Integrative Framework.” ICSEng 2018 Proceedings, 1–10.
  • Chowdhury, N. H., M. T. P. Adam, and G. Skinner. 2019. “The Impact of Time Pressure on Cybersecurity Behaviour: A Systematic Literature Review.” Behaviour & Information Technology 38 (12): 1–19.
  • Chowdhury, N. H., M. T. P. Adam, and T. Teubner. 2020. “Time Pressure in Human Cybersecurity Behavior: Theoretical Framework and Countermeasures.” Computers & Security 97 (2020): 1–13.
  • CISCO. 2017. Annual Cybersecurity Report. http://b2me.cisco.com/en-us-annual-cybersecurity-report-2017?keycode1=001464170.
  • Compeau, D. R., and C. A. Higgins. 1995. “Computer Self-Efficacy: Development of a Measure and Initial Test.” MIS Quarterly 19 (2): 189–211.
  • Cowan, D. A. 1986. “Developing a Process Model of Problem Recognition.” Academy of Management Review 11 (4): 763–776.
  • Curran, P. G. 2016. “Methods for the Detection of Carelessly Invalid Responses in Survey Data.” Journal of Experimental Social Psychology 66 (2016): 4–19.
  • Curran, P. G., L. Kotrba, and D. Denison. 2010. “Careless Responding in Surveys: Applying Traditional Techniques to Organizational Settings.” 25th Annual Conference of the Society for Industrial/Organizational Psychology.
  • Das, A., and H. U. Khan. 2016. “Security Behaviors of Smartphone Users.” Information and Computer Security 24 (1): 116–134.
  • da Silva Castanheira, K., A. S. Nobandegani, and A. R. Otto. 2019. “Sample-Based Variant of Expected Utility Explains Effects of Time Pressure and Individual Differences in Processing Speed on Risk Preferences.” 42nd Annual Conference of the Cognitive Science Society, 1579–1585.
  • de Graaf, J. 2003. Take Back Your Time: Fighting Over-Work and Time Poverty in America. San Francisco, CA: Berrett-Koehler Publishers.
  • Dennis, A. R., and R. K. Minas. 2018. “Security on Autopilot: Why Current Security Theories Hijack our Thinking and Lead us Astray.” DATABASE 49 (1): 15–38.
  • Dhillon, G., and J. Backhouse. 2001. “Current Directions in IS Security Research: Towards Socio-Organizational Perspectives.” Information Systems Journal 11 (2): 127–153.
  • Doyle, J., I. Kohane, W. Long, H. Shrobe, and P. Szolovits. 2001. “Agile Monitoring for Cyber Defense.” DISCEX 2001 Proceedings, 318–328.
  • Egelman, S., and E. Peer. 2015. “Scaling the Security Wall: Developing a Security Behavior Intentions Scale (SeBIS).” CHI 2015 Proceedings, 2873–2882.
  • Fagan, M., Y. Albayram, M. Maifi, H. Khan, and R. Buck. 2017. “An Investigation Into Users’ Considerations Towards Using Password Managers.” Human-Centric Computing and Information Sciences 7 (1): 1–20.
  • Faul, F., E. Erdfelder, and B. A. Lang A-G. 2007. “G* Power 3: A Flexible Statistical Power Analysis Program for the Social, Behavioral, and Biomedical Sciences.” Behavior Research Methods 39 (2): 175–191.
  • Gershon, P., D. Shinar, T. Oron-Gilad, Y. Parmet, and A. Ronen. 2011. “Usage and Perceived Effectiveness of Fatigue Countermeasures for Professional and Nonprofessional Drivers.” Accident Analysis and Prevention 43 (3): 797–803.
  • Good, N., R. Dhamija, J. Grossklags, D. Thaw, S. Aronowitz, D. Mulligan, and J. Konstan. 2005. “Stopping Spyware at the Gate: A User Study of Privacy, Notice and Spyware.” SOUPS 2005 Proceedings, 43–52.
  • Herath, T., and H. R. Rao. 2009. “Encouraging Information Security Behaviors in Organizations: Role of Penalties, Pressures and Perceived Effectiveness.” Decision Support Systems 47 (2): 154–165.
  • Hollinger, R. C., and L. Lanza-Kaduce. 2009. “Academic Dishonesty and the Perceived Effectiveness of Countermeasures: An Empirical Survey of Cheating at a Major Public University.” NASPA Journal 46 (4): 587–602.
  • Huang, J. L., P. G. Curran, J. Keeney, E. M. Poposki, and R. P. DeShon. 2012. “Detecting and Deterring Insufficient Effort Responding to Surveys.” Journal of Business and Psychology 27 (1): 99–114.
  • Hwang, M. I. 1994. “Decision Making Under Time Pressure: A Model for Information Systems Research.” Information & Management 27 (4): 197–203.
  • Ifinedo, P. 2014. “Information Systems Security Policy Compliance: An Empirical Study of the Effects of Socialisation, Influence, and Cognition.” Information & Management 51 (1): 69–79.
  • Ion, I., R. Reeder, and S. Consolvo. 2015. “‘ … No One Can Hack my Mind’: Comparing Expert and Non-Expert Security Practices.” SOUPS 2015 Proceedings, 327–346.
  • Jalali, M. S., M. Siegel, and S. Madnick. 2019. “Decision-making and Biases in Cybersecurity Capability Development: Evidence from a Simulation Game Experiment.” Journal of Strategic Information Systems 28 (1): 66–82.
  • Johnson, J. A. 2005. “Ascertaining the Validity of Individual Protocols from web-Based Personality Inventories.” Journal of Research in Personality 39 (2005): 103–129.
  • Kahneman, D. 2011. Thinking, Fast and Slow. London, UK: Penguin Press.
  • Kelly, J. R., and S. J. Karau. 1999. “Group Decision Making: The Effects of Initial Preferences and Time Pressure.” Personality and Social Psychology Bulletin 25 (11): 1342–1354.
  • Kelly, J. R., and J. E. McGrath. 1985. “Effects of Time Limits and Task Types on Task Performance and Interaction of Four-Person Groups.” Journal of Personality and Social Psychology 49 (2): 395–407.
  • Kirlappos, I., and M. A. Sasse. 2012. “Security Education Against Phishing: A Modest Proposal for a Major Rethink.” IEEE Security and Privacy 10 (2): 24–32.
  • Kwok, K. O., F. Lai, W. I. Wei, S. Y. S. Wong, and J. W. Tang. 2020. “Herd Immunity–Estimating the Level Required to Halt the COVID-19 Epidemics in Affected Countries.” Journal of Infection 80 (6): e32–e33.
  • Lesser, J. A., and S. M. Forsythe. 1989. “Antecedents and Consequences of the Intrinsic Motivation to Shop.” Psychological Reports 64 (3_suppl): 1183–1191.
  • Liang, H., and Y. Xue. 2010. “Understanding Security Behaviors in Personal Computer Usage: A Threat Avoidance Perspective.” Journal of the Association of Information Systems 11 (7): 394–413.
  • Liao, H. J., C. H. R. Lin, Y. C. Lin, and K. Y. Tung. 2013. “Intrusion Detection System: A Comprehensive Review.” Journal of Network and Computer Applications 36 (1): 16–24.
  • Marble, J. L., W. F. Lawless, R. Mittu, J. Coyne, M. Abramson, and C. Sibley. 2015. “The Human Factor in Cybersecurity: Robust & Intelligent Defense.” In Advances in Information Security, 173–206. Cham, Switzerland: Springer.
  • Matteson, M. T., and J. M. Ivancevich. 1987. “Individual Stress Management Interventions: Evaluation of Techniques.” Journal of Managerial Psychology 2 (1): 24–30.
  • Maule, A., G. Hockey, and L. Bdzola. 2000. “Effects of Time-Pressure on Decision-Making Under Uncertainty: Changes in Affective State and Information Processing Strategy.” Acta Psychologica 104 (3): 283–301.
  • McGill, T., and N. Thompson. 2017. “Old Risks, new Challenges: Exploring Differences in Security Between Home Computer and Mobile Device use.” Behaviour & Information Technology 36 (11): 1111–1124.
  • Meade, A. W., and S. B. Craig. 2012. “Identifying Careless Responses in Survey Data.” Psychological Methods 17 (3): 437–455.
  • Miller, J. G. 1960. “Information Input Overload and Psychopathology.” American Journal of Psychiatry 116 (8): 695–704.
  • Milne, S., P. Sheeran, and S. Orbell. 2000. “Prediction and Intervention in Health-Related Behavior: A Meta-Analytic Review of Protection Motivation Theory.” Journal of Applied Social Psychology 30 (1): 106–143.
  • Muenzen, P. M. 2019. Extent, Correlates, and Consequences of Careless and Inattentive Responding in Certification job Analysis Surveys. Minneapolis, MN: Walden University.
  • Mwagwabi, F., T. McGill, and M. Dixon. 2018. “Short-term and Long-Term Effects of Fear Appeals in Improving Compliance with Password Guidelines.” Communications of the Association for Information Systems 42 (1): 1–37.
  • OAIC. 2019. “Notifiable Data Breaches Statistics Report: 1 Jan to 31 Mar 2019.” In www.oaic.gov.au.
  • Oster, A., D. Pearson, R. De Iure, B. McDonald, and S. Wu. 2018. “NAB Special Insight Report - Time: How We Use It & Value It.” In National Australia Bank Limited.
  • Ozel, F. 2001. “Time Pressure and Stress as a Factor During Emergency Egress.” Safety Science 38 (2): 95–107.
  • Paas, F., T. Van Gog, and J. Sweller. 2010. “Cognitive Load Theory: New Conceptualizations, Specifications, and Integrated Research Perspectives.” Educational Psychology Review 22 (2): 115–121.
  • Palardy, N., L. Greening, J. Ott, A. Holderby, and J. Atchison. 1998. “Adolescents’ Health Attitudes and Adherence to Treatment for Insulin-Dependent Diabetes Mellitus.” Journal of Developmental and Behavioral Pediatrics 19 (1): 31–37.
  • Payne, J. W., J. R. Bettman, and E. J. Johnson. 1988. “Adaptive Strategy Selection in Decision Making.” Journal of Experimental Psychology: Learning, Memory, and Cognition 14 (3): 534–597.
  • Pearman, S., S. A. Zhang, L. Bauer, N. Christin, and L. F. Cranor. 2019. “Why People (Don’t) use Password Managers Effectively.” SOUPS 2019: 319–338.
  • Peter, J. P., and L. X. Tarpey Sr. 1975. “A Comparative Analysis of Three Consumer Decision Strategies.” Journal of Consumer Research 2 (1): 29–37.
  • Piquero, N. L., S. G. Tibbetts, and M. B. Blankenship. 2005. “Examining the Role of Differential Association and Techniques of Neutralization in Explaining Corporate Crime.” Deviant Behavior 26 (2): 159–188.
  • Puhakainen, P. 2006. A Design Theory for Information Security Awareness. Oulu, Finland: OULU University Press.
  • Redmiles, E. M., M. L. Mazurek, and J. P. Dickerson. 2018. “Dancing Pigs or Externalities? Measuring the Rationality of Security Decisions.” 2018 ACM Conference on Economics and Computation, 215–232.
  • Redmiles, E. M., N. Warford, A. Jayanti, A. Koneru, S. Kross, M. Morales, R. Stevens, and M. L. Mazurek. 2020. “A Comprehensive Quality Evaluation of Security and Privacy Advice on the Web.” USENIX 2020 Security Symposium, 89–108.
  • Rieskamp, J., and U. Hoffrage. 2008. “Inferences Under Time Pressure: How Opportunity Costs Affect Strategy Selection.” Acta Psychologica 127 (2): 258–276.
  • Rogers, R. W. 1975. “A Protection Motivation Theory of Fear Appeals and Attitude Change.” The Journal of Psychology 91 (1): 93–114.
  • Rose, J. 2017. ““Never Enough Hours in the day”: Employed Mothers’ Perceptions of Time Pressure.” Australian Journal of Social Issues 52 (2): 116–130.
  • Schneider, S., M. May, and A. A. Stone. 2018. “Careless Responding in Internet-Based Quality of Life Assessments.” Quality of Life Research 27 (4): 1077–1088.
  • Sharma, S., and M. Warkentin. 2019. “Do I Really Belong?: Impact of Employment Status on Information Security Policy Compliance.” Computers & Security 87 (2019): 101397. doi:10.1016/J.COSE.2018.09.005.
  • Siponen, M. T., and J. Iivari. 2006. “Six Design Theories for IS Security Policies and Guidelines.” Journal of the Association for Information Systems 7 (7): 445–472.
  • Siponen, M., and A. Vance. 2010. “Neutralization: New Insights Into the Problem of Employee Information Systems Security Policy Violations.” MIS Quarterly 34 (3): 487–502.
  • Sojer, M., O. Alexy, S. Kleinknecht, and J. Henkel. 2014. “Understanding the Drivers of Unethical Programming Behavior: The Inappropriate Reuse of Internet-Accessible Code.” Journal of Management Information Systems 31 (3): 287–325.
  • Tanner Jr, J. F., J. B. Hunt, and D. R. Eppright. 1991. “The Protection Motivation Model: A Normative Model of Fear Appeals.” Journal of Marketing 55 (3): 36–45.
  • Taylor, S., and P. A. Todd. 1995. “Understanding Information Technology Usage: A Test of Competing Models.” Information Systems Research 6 (2): 144–176.
  • van Bavel, R., N. Rodríguez-Priego, J. Vila, and P. Briggs. 2019. “Using Protection Motivation Theory in the Design of Nudges to Improve Online Security Behavior.” International Journal of Human Computer Studies 123 (Nov): 29–39.
  • Vance, A., B. Anderson, C. Kirwan, and D. Eargle. 2014. “Using Measures of Risk Perception to Predict Information Security Behavior: Insights from Electroencephalography (EEG).” Journal of the Association for Information Systems 15 (10): 679–722.
  • Wang, J., T. Herath, R. Chen, A. Vishwanath, and H. R. Rao. 2012. “Phishing Susceptibility: An Investigation Into the Processing of a Targeted Spear Phishing Email.” IEEE Transactions on Professional Communication 55 (4): 345–362.
  • Winkler, I., & A. T. Gomes. (2016). Advanced Persistent Security: A Cyberwarfare Approach to Implementing Adaptive Enterprise Protection, Detection, and Reaction Strategies. Cambridge, MA: Syngress.
  • Wood, W., and D. T. Neal. 2009. “The Habitual Consumer.” Journal of Consumer Psychology 19 (4): 579–592.

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Order Reprints Request Corporate Permissions

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

Request Academic Permissions

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.