This research investigates the factors that motivate employees to protect their organizations from information security threats via protection-motivated behaviors (PMBs). A model founded on Protection Motivation Theory (PMT) and several rival explanations is assessed using data from 380 employees from a wide variety of industries in the U.S. Several important findings for behavioral information security research emerged. First, the basic assumptions of PMT hold in an organizational security context whereby employees weigh the potential benefits and risks associated with threats before engaging in PMBs. Intrinsic maladaptive rewards, response efficacy, and response costs effectively influence employees’ protection motivation levels; however, extrinsic maladaptive rewards and threat vulnerability and severity do not. Moreover, fear does not play a significant role in motivating insiders to engage in PMBs. The rival explanations for protection motivation of job satisfaction and management support significantly influence employees’ protection motivation, whereas sanctions and financial incentives do not.
Research on the effectiveness of cyber security awareness in ICS Risk Assessment Frameworks
Assessing security awareness among users is essential for protecting industrial control systems (ICSs) from social...