Fear and Beyond: Advancing Behavioral Interventions in Organizational Information Security Research
Student thesis: Doctoral Thesis
Related Research Unit(s)
Organizational insiders—employee users of information systems—present threats and opportunities as defenders of organizational information security. To secure organizational information assets, it is crucial for organizations to raise insiders’ awareness and motivation to comply with information security policies (ISPs). However, current efforts to raise awareness and motivation through security education, training, and awareness (SETA) programs are often perceived as onerous and disruptive by insiders; thus, ISPs are neglected, or sometimes even intentionally ignored, and therefore fall short of promoting compliance intentions among insiders. Against this backdrop, this thesis proposes fear appeals as brief and motivating training intervention devices. Fear appeals are short messages that communicate threats in order to stimulate a specific behavioral response, and thus hold potential to more effectively address the issue of insider compliance than extant approaches. This thesis involves two separate studies that present a sequential, stepwise advancement of theory in the effort to build a brief and effective training method. The first study contributes to this endeavor by providing and validating a theoretical backdrop to guide more effective fear appeal design. The second study proposes that—beyond fear—emotions in general are useful motivators for compliance, and postulates a framework that explains when emotions can be useful for promoting specific behaviors.