Advanced search
Publication Cover
Behaviour & Information Technology Volume 43, 2024 - Issue 3
Submit an article Journal homepage
275
Views
0
CrossRef citations to date
0
Altmetric
Original Articles

Situational support and information security behavioural intention: a comparative study using conservation of resources theory

Yuxiang Honga School of Management, Hangzhou Dianzi University, Hangzhou, People’s Republic of ChinaCorrespondence[email protected]
View further author information
,
Mengyi Xub Cranfield School of Management, Cranfield University, Bedfordshire, UKView further author information
&
Steven Furnellc School of Computer Science, University of Nottingham, Nottingham, UKView further author information
Pages 523-539 | Received 05 Mar 2022, Accepted 30 Jan 2023, Published online: 15 Feb 2023

References

  • Aiken, L. S., and S. G. West. 1991. Multiple Regression: Testing and Interpreting Interactions. Newbury Park, CA: Sage.
  • Anderson, C. L., and R. Agarwal. 2010. “Practicing Safe Computing: A Multimethod Empirical Examination of Home Computer User Security Behavioral Intentions.” MIS Quarterly 34 (3): 613–644. doi:10.2307/25750694.
  • Asteriou, D., and S. G. Hall. 2011. Applied Econometrics. New York: Palgrave Macmillan.
  • Blau, P. M. 1964. Exchange and Power in Social Life. New York: Wiley.
  • Boss, S. R., D. F. Galletta, P. B. Lowry, G. D. Moody, and P. Polak. 2015. “What do Systems Users Have to Fear? Using Fear Appeals to Engender Threats and Fear That Motivate Protective Security Behaviors.” MIS Quarterly 39 (4): 837–864. doi:10.25300/MISQ/2015/39.4.5.
  • Bulgurcu, B., H. Cavusoglu, and I. Benbasat. 2010. “Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness.” MIS Quarterly 34 (3): 523–548. doi:10.2307/25750690.
  • Chang, C. H., J. Xu, and D.-P. Song. 2015. “Risk Analysis for Container Shipping: From a Logistics Perspective.” The International Journal of Logistics Management 26 (1): 147–171. doi:10.1108/IJLM-07-2012-0068.
  • Chen, Y., and F. M. Zahedi. 2016. “Individual's Internet Security Perceptions and Behaviors: Polycontextual Contrasts Between the United States and China.” MIS Quarterly 40 (1): 205–222. doi:10.25300/MISQ/2016/40.1.09.
  • Cuganesan, S., C. Steele, and A. Hart. 2018. “How Senior Management and Workplace Norms Influence Information Security Attitudes and Self-Efficacy.” Behaviour & Information Technology 37 (1): 50–65. doi:10.1080/0144929X.2017.1397193.
  • Dang, D., and S. Pittayachawan. 2015. “Comparing Intention to Avoid Malware Across Contexts in a BYOD-Enabled Australian University: A Protection Motivation Theory Approach.” Computers & Security 48: 281–297. doi:10.1016/j.cose.2014.11.002.
  • Dang, D., S. Pittayachawan, and M. Z. Nkhoma. 2013. “Contextual Difference and Intention to Perform Information Security Behaviours: A Protection Motivation Theory Approach.” Australasian Conference on Information Systems, 1–10. doi:10.13140/2.1.3668.8169.
  • D’Arcy, J., A. Hovav, and D. Galletta. 2009. “User Awareness of Security Countermeasures and its Impact on Information Systems Misuse: A Deterrence Approach.” Information Systems Research 20 (1): 79–98. doi:10.1287/isre.1070.0160.
  • DeJoy, D. M., L. J. Della, R. J. Vandenberg, and M. G. Wilson. 2010. “Making Work Safer: Testing a Model of Social Exchange and Safety Management.” Journal of Safety Research 41: 163–171. doi:10.1016/j.jsr.2010.02.001.
  • Dhillon, G., Y. Talib, and W. N. Picoto. 2020. “The Mediating Role of Psychological Empowerment in Information Security Compliance Intentions.” Journal of the Association for Information Systems 21 (1): 152–174. doi:10.17705/1jais.00595.
  • Dinev, T., and Q. Hu. 2007. “The Centrality of Awareness in the Formation of User Behavioral Intention Toward Protective Information Technologies.” Journal of the Association for Information Systems 8 (7): 386–408. doi:10.17705/1jais.00133.
  • Fishbein, M., and I. Ajzen. 1975. Belief, Attitude, Intention and Behavior: An Introduction to Theory and Research. MA: Addison-Wesley.
  • Fornell, C., and D. F. Larcker. 1981. “Evaluating Structural Equation Models with Unobservable Variables and Measurement Error.” Journal of Marketing Research 18 (1): 39–50. doi:10.1177/002224378101800104.
  • Furnell, S., and N. Clarke. 2012. “Power to the People? The Evolving Recognition of Human Aspects of Security.” Computers & Security 31 (8): 983–988. doi:10.1016/j.cose.2012.08.004.
  • Furnell, S., W. Khern-am-nuai, R. Esmael, W. Yang, and N. Li. 2018. “Enhancing Security Behaviour by Supporting the User.” Computers & Security 75 (JUN): 1–9. doi:10.1016/j.cose.2018.01.016.
  • Guo, K. H., Y. Yuan, N. P. Archer, and C. E. Connelly. 2011. “Understanding Nonmalicious Security Violations in the Workplace: A Composite Behavior Model.” Journal of Management Information Systems 28 (2): 203–236. doi:10.2753/MIS0742-1222280208.
  • Halbesleben, J. R., J. P. Neveu, S. C. Paustian-Underdahl, and M. Westman. 2014. “Getting to the “COR”.” Journal of Management 40 (5): 1334–1364. doi:10.1177/0149206314527130.
  • Han, J., Y. J. Kim, and H. Kim. 2017. “An Integrative Model of Information Security Policy Compliance with Psychological Contract: Examining a Bilateral Perspective.” Computers & Security 66 (MAY): 52–65. doi:10.1016/j.cose.2016.12.016.
  • Hayes, A. F. 2013. An Introduction to Mediation, Moderation, and Conditional Process Analysis: A Regression-Based Approach. New York: Guilford Press.
  • Herath, T., and H. R. Rao. 2009. “Protection Motivation and Deterrence: A Framework for Security Policy Compliance in Organisations.” European Journal of Information Systems 18 (2): 106–125. doi:10.1057/ejis.2009.6.
  • Hobfoll, S. E. 1989. “Conservation of Resources: A new Attempt at Conceptualizing Stress.” American Psychologist 44 (3): 513–524. doi:10.1037/0003-066X.44.3.513.
  • Hobfoll, S. E. 2001. “The Influence of Culture, Community, and the Nested-Self in the Stress Process: Advancing Conservation of Resources Theory.” Applied Psychology 50 (3): 337–421. doi:10.1111/1464-0597.00062.
  • Hobfoll, S. E. 2011. “Conservation of Resource Caravans and Engaged Settings.” Journal of Occupational and Organizational Psychology 84 (1): 116–122. doi:10.1111/j.2044-8325.2010.02016.x.
  • Hobfoll, S. E., J. Halbesleben, J. P. Neveu, and M. Westman. 2018. “Conservation of Resources in the Organizational Context: The Reality of Resources and Their Consequences.” Annual Review of Organizational Psychology and Organizational Behavior 5 (1): 103–128. doi:10.1146/annurev-orgpsych-032117-104640.
  • Hofmann, D. A., and F. P. Morgeson. 1999. “Safety-related Behavior as a Social Exchange: The Role of Perceived Organizational Support and Leader–Member Exchange.” Journal of Applied Psychology 84 (2): 286–296. doi:10.1037/0021-9010.84.2.286.
  • Home Office. 2018. ‘A Call to Action: the Cyberaware perceptions gap’, Available from:https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/684609/BT_CYBER_AWARE_V11_280218.pdf [Accessed: 09/01/2022].
  • Hong, Y., and S. Furnell. 2021. “Understanding Cybersecurity Behavioral Habits: Insights from Situational Support.” Journal of Information Security and Applications 57. doi:10.1016/j.jisa.2020.102710.
  • Hong, Y., and S. Furnell. 2022. “Motivating Information Security Policy Compliance: Insights from Perceived Organizational Formalization.” Journal of Computer Information Systems, 19–28. doi:10.1080/08874417.2019.1683781.
  • Hong, Y., J. S. Kim, and L. Xiong. 2019. “Media Exposure and Individuals’ Emergency Preparedness Behaviors for Coping with Natural and Human-Made Disasters.” Journal of Environmental Psychology 63 (JUN): 82–91. doi:10.1016/j.jenvp.2019.04.005.
  • Hong, W., and J. Y. L. Thong. 2013. “Internet Privacy Concerns: An Integrated Conceptualization and Four Empirical Studies.” MIS Quarterly 37 (1): 275–298. https://www.jstor.org/stable/43825946 doi:10.25300/MISQ/2013/37.1.12.
  • Hu, S., C. Hsu, and Z. Zhou. 2021. “The Impact of SETA Event Attributes on Employees’ Security-Related Intentions: An Event System Theory Perspective.” Computers & Security 109 (4): 102404. doi:10.1016/j.cose.2021.102404.
  • Huang, Y. H., J. Lee, A. C. McFadden, L. A. Murphy, M. M. Robertson, J. H. Cheung, and D. Zohar. 2016. “Beyond Safety Outcomes: An Investigation of the Impact of Safety Climate on job Satisfaction, Employee Engagement and Turnover Using Social Exchange Theory as the Theoretical Framework.” Applied Ergonomics 55: 248–257. doi:10.1016/j.apergo.2015.10.007.
  • IBM Corporation. 2021. IBM X-Force Threat Intelligence Index 2021. Armonk, NY: IBM Security.
  • Ifinedo, P. 2012. “Understanding Information Systems Security Policy Compliance: An Integration of the Theory of Planned Behavior and the Protection Motivation Theory.” Computers & Security 31 (1): 83–95. doi:10.1016/j.cose.2011.10.007.
  • Ifinedo, P. 2018. “Roles of Organizational Climate, Social Bonds, and Perceptions of Security Threats on IS Security Policy Compliance Intentions.” Information Resources Management Journal 31 (1): 53–82. doi:10.4018/IRMJ.2018010103.
  • Janssen, E., L. van Osch, L. Lechner, M. Candel, and H. de Vries. 2012. “Thinking Versus Feeling: Differentiating Between Cognitive and Affective Components of Perceived Cancer Risk.” Psychology & Health 27: 767–783. doi:10.1080/08870446.2011.580846.
  • Johnston, A. C., M. Warkentin, and M. Siponen. 2015. “An Enhanced Fear Appeal Rhetorical Framework: Leveraging Threats to the Human Asset Through Sanctioning Rhetoric.” MIS Quarterly 39 (1): 113–134. doi:10.25300/MISQ/2015/39.1.06.
  • Kasperson, R. E., O. Renn, P. Slovic, H. S. Brown, J. Emel, R. Goble, J. X. Kasperson, and S. Ratick. 1988. “The Social Amplification of Risk: A Conceptual Framework.” Risk Analysis 8 (2): 177–187. doi:10.1111/j.1539-6924.1988.tb01168.x.
  • Kim, E. B. 2013. “Information Security Awareness Status of Business College: Undergraduate Students.” Information Security Journal: A Global Perspective 22 (4): 171–179. doi:10.1080/19393555.2013.828803.
  • Kim, E. B. 2014. “Recommendations for Information Security Awareness Training for College Students.” Information Management & Computer Security 22 (1): 115–126. doi:10.1108/IMCS-01-2013-0005.
  • Kotulic, A. G., and J. G. Clark. 2004. “Why There Aren’t More Information Security Research Studies.” Information & Management 41 (5): 597–607. doi:10.1016/j.im.2003.08.001.
  • Lauver, K. J., S. Lester, and H. Le. 2009. “Supervisor Support and Risk Perception: Their Relationship with Unreported Injuries and Near Misses.” Journal of Managerial Issues 21 (3): 327–343. https://www.jstor.org/stable/40604653.
  • Li, Y., and M. T. Siponen. 2011. “A Call for Research on Home Users’ Information Security Behaviour.” Pacific Asia Conference on Information Systems. https://aisel.aisnet.org/pacis2011/112
  • Li, H., J. Zhang, and R. Sarathy. 2010. “Understanding Compliance with Internet use Policy from the Perspective of Rational Choice Theory.” Decision Support Systems 48 (4): 635–645. doi:10.1016/j.dss.2009.12.005.
  • Liang, H., and Y. Xue. 2010. “Understanding Security Behaviors in Personal Computer Usage: A Threat Avoidance Perspective.” Journal of the Association for Information Systems 11 (7): 394–413. doi:10.17705/1jais.00232.
  • Loewenstein, G., E. U. Weber, C. K. Hsee, and N. Welch. 2001. “Risk as Feelings.” Psychological Bulletin 127 (2): 267–286. doi:10.1037/0033-2909.127.2.267.
  • Mearns, K. J., and T. Reader. 2008. “Organizational Support and Safety Outcomes: An un-Investigated Relationship?” Safety Science 46: 388–397. doi:10.1016/j.ssci.2007.05.002.
  • Menard, P., G. J. Bott, and R. E. Crossler. 2017. “User Motivations in Protecting Information Security: Protection Motivation Theory Versus Self-Determination Theory.” Journal of Management Information Systems 34 (4): 1203–1230. doi:10.1080/07421222.2017.1394083.
  • Mitchell, V. W. 1995. “Organizational Risk Perception and Reduction: A Literature Review.” British Journal of Management 6 (2): 115–133. doi:10.1111/j.1467-8551.1995.tb00089.x.
  • Mitnick, K. D. 2002. The Art of Deception: Controlling the17 Human Element of Security. New York: Wiley Publishing.
  • Moody, G. D., M. Siponen, and S. Pahnila. 2018. “Toward a Unified Model of Information Security Policy Compliance.” MIS Quarterly 42 (1): 285–311. doi:10.25300/MISQ/2018/13853.
  • Nagin, D. S., and G. Pogarsky. 2001. “Integrating Celerity, Impulsivity, and Extralegal Sanction Threats Into a Model of General Deterrence and Evidence.” Criminology; An interdisciplinary Journal 39 (4): 865–892. doi:10.1111/j.1745-9125.2001.tb00943.x.
  • Ng, T. W. H., and D. C. Feldman. 2012. “Employee Voice Behavior: A Meta-Analytic Test of the Conservation of Resources Framework.” Journal of Organizational Behavior 33 (22): 216–234. doi:10.1002/job.754.
  • Ni, M., J. D. Mccalley, V. Vittal, and T. Tayyib. 2003. “Online Risk-Based Security Assessment.” IEEE Transactions on Power Systems 18 (11): 258–265. doi:10.1109/TPWRS.2002.807091.
  • Pérez-González, D., S. T. Preciado, and P. Solana-Gonzalez. 2019. “Organizational Practices as Antecedents of the Information Security Management Performance.” Information Technology & People 32 (5): 1262–1275. doi:10.1108/ITP-06-2018-0261.
  • Peters, E., B. Burraston, and C. K. Mertz. 2004. “An Emotion-Based Model of Risk Perception and Stigma Susceptibility: Cognitive Appraisals of Emotion, Affective Reactivity, Worldviews, and Risk Perceptions in the Generation of Technological Stigma†.” Risk Analysis 24: 1349–1367. doi:10.1111/j.0272-4332.2004.00531.x.
  • Peters, L. H., and E. J. O’Connor. 1980. “Situational Constraints and Work Outcomes: The Influences of a Frequently Overlooked Construct.” The Academy of Management Review 5 (3): 391–397. doi:10.5465/amr.1980.4288856.
  • Pluut, H., R. Ilies, P. L. Curşeu, and Y. Liu. 2018. “Social Support at Work and at Home: Dual-Buffering Effects in the Work-Family Conflict Process.” Organizational Behavior and Human Decision Processes 146: 1–13. doi:10.1016/j.obhdp.2018.02.001.
  • Puhakainen, P., and M. Siponen. 2010. “Improving Employees’ Compliance Through Information Systems Security Training: An Action Research Study.” MIS Quarterly 34 (4): 757–778. doi:10.2307/25750704.
  • Renn, O. 1998. “The Role of Risk Perception for Risk Management.” Reliability Engineering & System Safety 59 (1): 49–62. doi:10.1016/S0951-8320(97)00119-1.
  • Renn, O., and E. Swaton. 1984. “Psychological and Sociological Approaches to Study Risk Perception.” Environment International 10: 557–575. doi:10.1016/0160-4120(84)90063-1.
  • Safa, N. S., and R. V. Solms. 2016. “Information Security Policy Compliance Model in Organizations.” Computers & Security 56: 70–82. doi:10.1016/j.cose.2015.10.006.
  • Settoon, R. P., N. Bennett, and R. C. Liden. 1996. “Social Exchange in Organizations: Perceived Organizational Support, Leader-Member Exchange, and Employee Reciprocity.” Journal of Applied Psychology 81 (3): 219–227. doi:10.1037/0021-9010.81.3.219.
  • Sharma, S., and M. Warkentin. 2019. “Do I Really Belong?: Impact of Employment Status on Information Security Policy Compliance.” Computers & Security 87: 101397. doi:10.1016/j.cose.2018.09.005.
  • Slovic, P., M. L. Finucane, E. Peters, and D. G. MacGregor. 2007. “The Affect Heuristic.” European Journal of Operational Research 177 (3): 1333–1352. doi:10.1016/j.ejor.2005.04.006.
  • Snyman, D., and H. Kruger. 2019. “Behavioural Threshold Analysis: Methodological and Practical Considerations for Applications in Information Security.” Behaviour & Information Technology 38 (11): 1088–1106. doi:10.1080/0144929X.2019.1569163.
  • Sundblad, E. L., A. Biel, and T. Gärling. 2007. “Cognitive and Affective Risk Judgements Related to Climate Change.” Journal of Environmental Psychology 27: 97–106. doi:10.1016/j.jenvp.2007.01.003.
  • Thompson, N., T. J. McGill, and X. Wang. 2017. ““Security Begins at Home”: Determinants of Home Computer and Mobile Device Security Behavior.” Computers & Security 70: 376–391. doi:10.1016/j.cose.2017.07.003.
  • Trumbo, C. W., L. Peek, M. A. Meyer, H. L. Marlatt, E. Gruntfest, B. D. McNoldy, and W. H. Schubert. 2016. “A Cognitive-Affective Scale for Hurricane Risk Perception.” Risk Analysis 36: 2233–2246. doi:10.1111/risa.12575.
  • Tsai, H. S., M. Jiang, S. Alhabash, R. LaRose, N. J. Rifon, and S. R. Cotton. 2016. “Understanding Online Safety Behaviors: A Protection Motivation Theory Perspective.” Computers & Security 59: 138–150. doi:10.1016/j.cose.2016.02.009.
  • Tu, Z., O. Turel, Y. Yuan, and N. Archer. 2015. “Learning to Cope with Information Security Risks Regarding Mobile Device Loss or Theft: An Empirical Examination.” Information & Management 52 (4): 506–517. doi:10.1016/j.im.2015.03.002.
  • Vance, A., B. Anderson, C. B. Kirwan, and D. W. Eargle. 2014. “Using Measures of Risk Perception to Predict Information Security Behavior: Insights from Electroencephalography (EEG).” Journal of the Association for Information Systems 15 (10): 679–722. doi:10.17705/1jais.00375.
  • Vance, A., M. Siponen, and S. Pahnila. 2012. “Motivating IS Security Compliance: Insights from Habit and Protection Motivation Theory.” Information & Management 49 (3-4): 190–198. doi:10.1016/j.im.2012.04.002.
  • van der Linden, S. 2015. “The Social-Psychological Determinants of Climate Change Risk Perceptions: Towards a Comprehensive Model.” Journal of Environmental Psychology 41: 112–124. doi:10.1016/j.jenvp.2014.11.012.
  • van Schaik, P., D. Jeske, J. Onibokun, L. Coventry, J. Jansen, and P. Kusev. 2017. “Risk Perceptions of Cyber-Security and Precautionary Behaviour.” Computers in Human Behavior 75: 547–559. doi:10.1016/j.chb.2017.05.038.
  • Vedadi, A., and M. Warkentin. 2020. “"Can Secure Behaviors Be Contagious? A Two-Stage Investigation of the Influence of Herd Behavior on Security Decisions ".” Journal of the Association for Information Systems 21 (2): 428–459. doi:10.17705/1jais.00607.
  • Warkentin, M., A. C. Johnston, and J. Shropshire. 2011. “The Influence of the Informal Social Learning Environment on Information Privacy Policy Compliance Efficacy and Intention.” European Journal of Information Systems 20 (3): 267–284. doi:10.1057/ejis.2010.72.
  • Wason, K. D., M. J. Polonsky, and M. R. Hyman. 2002. “Designing Vignette Studies in Marketing.” Australasian Marketing Journal 10 (3): 41–58. doi:10.1016/S1441-3582(02)70157-2.
  • Weber, E. U. 2006. “Experience-based and Description-Based Perceptions of Long-Term Risk: Why Global Warming Does not Scare us (yet).” Climatic Change 77: 103–120. doi:10.1007/s10584-006-9060-3.
  • Wolff, K., S. Larsen, and T. Øgaard. 2019. “How to Define and Measure Risk Perceptions.” Annals of Tourism Research 79: 102759. doi:10.1016/j.annals.2019.102759.
  • Workman, M., W. H. Bommer, and D. Straub. 2008. “Security Lapses and the Omission of Information Security Measures: A Threat Control Model and Empirical Test.” Computers in Human Behavior 24 (6): 2799–2816. doi:10.1016/j.chb.2008.04.005.
  • Yukl, G. 2002. Leadership in Organizations (5th Ed.). Upper Saddle River, NJ: Prentice-Hall.
  • Zajonc, R. B. 1980. “Feeling and Thinking: Preferences Need no Inferences.” American Psychologist 35: 151–175. doi:10.1037/0003-066X.35.2.151.
  • Zhen, J., Z. Xie, K. Dong, and L. Chen. 2022. “Impact of Negative Emotions on Violations of Information Security Policy and Possible Mitigations.” Behaviour & Information Technology 41 (11): 2342–2354. doi:10.1080/0144929X.2021.1921029.

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Order Reprints Request Corporate Permissions

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

Request Academic Permissions

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.

Supercharge Your Next Research Paper: Research and write your next paper with Jenni AI.

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.