Abstract
The COVID-19 pandemic has forced individuals to adopt online applications and technologies, as well as remote working patterns. However, with changes in technology and working patterns, new vulnerabilities are likely to arise. Cybersecurity threats have rapidly evolved to exploit uncertainty during the pandemic, and users need to apply careful judgment and vigilance to avoid becoming the victim of a cyber-attack. This paper explores the factors that motivate security behaviour, considering the current environmental uncertainty. An adapted model, primarily based on the Protection Motivation Theory (PMT), is proposed and evaluated using data collected from an online survey of 222 respondents from a Higher Education institution. Data analysis was performed using Partial Least Squares Structural Equation Modelling (PLS-SEM). The results confirm the applicability of PMT in the security context. Respondentsā behavioural intention, perceived threat vulnerability, response cost, response efficacy, security habits, and subjective norm predicted self-reported security behaviour. In contrast, environmental uncertainty, attitude towards policy compliance, self-efficacy and perceived threat severity did not significantly impact behavioural intention. The results show that respondents were able to cope with environmental uncertainty and maintain security behaviour.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
DomĆnguez, C.M.F., Ramaswamy, M., Martinez, E.M., Cleal, M.G.: A framework for information security awareness programs. Issues Inf. Syst. 11(1), 402ā409 (2010)
Beautement, A., Sasse, M.A., Wonham, M.: The compliance budget: managing security behaviour in organisations. In: Proceedings of the 2008 New Security Paradigms Workshop, pp. 47ā58 (2008)
Naidoo, R.: A multi-level influence model of COVID-19 themed cybercrime. Eur. J. Inf. Syst. 29(3), 306ā321 (2020)
Pattinson, M., Parsons, K., Butavicius, M., McCormac, A., Calic, D.: Assessing information security attitudes: a comparison of two studies. Inf. Comput. Secur. 24(2), 228ā240 (2016)
Rupere, T., Muhonde, M.: Towards minizing human factors in end-user information security (2012)
Nasir, A., Arshah, R.A., Ab Hamid, M.R.: The significance of main constructs of theory of planned behavior in recent information security policy compliance behavior study: a comparison among top three behavioral theories. Int. J. Eng. Technol. 7(2.29), 737ā741 (2018)
Dang-Pham, D., Pittayachawan, S., Bruno, V.: Why employees share information security advice? Exploring the contributing factors and structural patterns of security advice sharing in the workplace. Comput. Hum. Behav. 67, 196ā206 (2017)
Tsai, H.S., Jiang, M., Alhabash, S., LaRose, R., Rifon, N.J., Cotten, S.R.: Understanding online safety behaviors: a protection motivation theory perspective. Comput. Secur. 59, 138ā150 (2016)
Holmes, M., Ophoff, J.: Online security behaviour: factors influencing intention to adopt two-factor authentication. In: 14th International Conference on Cyber Warfare and Security, ICCWS 2019, p. 123 (2019)
Moletsane, T., Tsibolane, P.: Mobile information security awareness among students in higher education: an exploratory study. In: 2020 Conference on Information Communications Technology and Society (ICTAS), pp. 1ā6. IEEE (2020)
Maddux, J.E., Rogers, R.W.: Protection motivation and self-efficacy: a revised theory of fear appeals and attitude change. J. Exp. Soc. Psychol. 19(5), 469ā479 (1983)
Yoon, C., Hwang, J.W., Kim, R.: Exploring factors that influence studentsā behaviors in information security. J. Inf. Syst. Educ. 23(4), 407ā416 (2012)
Tu, Z., Yuan, Y., Archer, N.: Understanding user behaviour in coping with security threats of mobile device loss and theft. Int. J. Mob. Commun. 12(6), 603ā623 (2014)
Yoon, C., Kim, H.: Understanding computer security behavioral intention in the workplace. Inf. Technol. People (2013)
Srisawang, S., Thongmak, M., Ngarmyarn, A.: Factors affecting computer crime protection behavior. In: PACIS, p. 31 (2015)
Ajzen, I.: The theory of planned behavior. Organ. Behav. Hum. Decis. Process. 50(2), 179ā211 (1991)
Chen, Y., Zahedi, F.M.: Individualsā internet security perceptions and behaviors: polycontextual contrasts between the United States and China. MIS Q. 40(1), 205ā222 (2016)
Safa, N.S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N.A., Herawan, T.: Information security conscious care behaviour formation in organizations. Comput. Secur. 53, 65ā78 (2015)
Johnston, A.C., Warkentin, M.: Fear appeals and information security behaviors: An empirical study. MIS Q. 34(3), 549ā566 (2010)
Cheng, L., Li, Y., Li, W., Holm, E., Zhai, Q.: Understanding the violation of IS security policy in organizations: an integrated model based on social control and deterrence theory. Comput. Secur. 39, 447ā459 (2013)
Williams, A.S., Maharaj, M.S., Ojo, A.I.: Employee behavioural factors and information security standard compliance in Nigeria banks. Int. J. Comput. Digit. Syst. 8(04), 387ā396 (2019)
Rogers, R.W.: A protection motivation theory of fear appeals and attitude change1. J. Psychol. 91(1), 93ā114 (1975)
Foltz, C.B., Newkirk, H.E., Schwager, P.H.: An empirical investigation of factors that influence individual behavior toward changing social networking security settings. J. Theor. Appl. Electron. Commer. Res. 11(2), 1ā15 (2016)
Ifinedo, P.: Information systems security policy compliance: an empirical study of the effects of socialisation, influence, and cognition. Inf. Manag. 51(1), 69ā79 (2014)
Workman, M., Bommer, W.H., Straub, D.: Security lapses and the omission of information security measures: a threat control model and empirical test. Comput. Hum. Behav. 24(6), 2799ā2816 (2008)
Limayem, M., Khalifa, M., Chin, W.W.: Factors motivating software piracy: a longitudinal study. IEEE Trans. Eng. Manag. 51(4), 414ā425 (2004)
Milliken, F.J.: Three types of perceived uncertainty about the environment: state, effect, and response uncertainty. Acad. Manag. Rev. 12(1), 133ā143 (1987)
Straub, D.W.: Validating instruments in MIS research. MIS Q. 13(2), 147ā169 (1989)
Woon, I., Tan, G.W., Low, R.: A protection motivation theory approach to home wireless security (2005)
Ng, B.Y., Xu, Y.: Studying usersā computer security behavior using the Health Belief Model. In: PACIS 2007 Proceedings, p. 45 (2007)
Chen, X., Zhang, X.: How environmental uncertainty moderates the effect of relative advantage and perceived credibility on the adoption of mobile health services by Chinese organizations in the big data era. Int. J. Telemed. Appl. 2016 (2016)
Pavlou, P.A., Liang, H., Xue, Y.: Understanding and mitigating uncertainty in online exchange relationships: a principal-agent perspective. MIS Q. 31(1), 105ā136 (2007)
Kautondokwa, P.: Factors that motivate end-user security behaviour in higher education: a study of UCT during COVID-19. Department of Information Systems, University of Cape Town, South Africa (2020). Unpublished Honours Project
Hair, J.F., Jr., Hult, G.T.M., Ringle, C., Sarstedt, M.: A Primer on Partial Least Squares Structural Equation Modeling (PLS-SEM). Sage Publications, Los Angeles (2016)
Henseler, J., Ringle, C.M., Sarstedt, M.: A new criterion for assessing discriminant validity in variance-based structural equation modeling. J. Acad. Mark. Sci. 43(1), 115ā135 (2014). https://doi.org/10.1007/s11747-014-0403-8
Hair, J.F., Risher, J.J., Sarstedt, M., Ringle, C.M.: When to use and how to report the results of PLS-SEM. Eur. Bus. Rev. (2019)
Martens, M., De Wolf, R., De Marez, L.: Investigating and comparing the predictors of the intention towards taking security measures against malware, scams and cybercrime in general. Comput. Hum. Behav. 92, 139ā150 (2019)
Sharma, P., Leung, T.Y., Kingshott, R.P., Davcik, N.S., Cardinali, S.: Managing uncertainty during a global pandemic: an international business perspective. J. Bus. Res. 116, 188ā192 (2020)
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
A Appendix
A Appendix
Rights and permissions
Copyright information
Ā© 2021 IFIP International Federation for Information Processing
About this paper
Cite this paper
Kautondokwa, P., Ruhwanya, Z., Ophoff, J. (2021). Environmental Uncertainty and End-User Security Behaviour: A Study During the COVID-19 Pandemic. In: Drevin, L., Miloslavskaya, N., Leung, W.S., von Solms, S. (eds) Information Security Education for Cyber Resilience. WISE 2021. IFIP Advances in Information and Communication Technology, vol 615. Springer, Cham. https://doi.org/10.1007/978-3-030-80865-5_8
Download citation
DOI: https://doi.org/10.1007/978-3-030-80865-5_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-80864-8
Online ISBN: 978-3-030-80865-5
eBook Packages: Computer ScienceComputer Science (R0)
