Human aspects of information security: An empirical study of intentional versus actual behavior

Purpose – A significant amount of empirical research has been conducted on the socio‐economic (sociological, psychological, economic) aspects of information security, such as the phenomenon of individuals who are willing to take security measures, but often do not. There is a growing body of research relating to individual behaviour and decision making and the purpose of this paper is to analyze a survey on the behaviour of individuals who implement information security measures. Design/methodology/approach – To promote effective information security measures, this paper refers to research on the psychology of persuasion from the field of social psychology. A survey was conducted into determinants for changing attitudes through persuasive messages, and the results were analysed. A questionnaire was used and the authors built a demonstrative experimental environment, which analysed in detail attitudinal changes in an individuals’ behaviour. Findings – The authors found differences in behaviour regarding the intent to implement measures discovered from the responses to the questionnaire as well as from actual conduct in the demonstrative experiment. Originality/value – It is original to adopt a model defined by social psychology, especially Protection Motivation Theory and Elaborative Likelihood Model. The authors conducted both questionnaire survey and the psychological experiment.