Studying users’ computer security behavior: A health belief perspective

The damage due to computer security incidents is motivating organizations to adopt protective mechanisms. While technological controls are necessary, computer security also depends on individual’s security behavior. It is thus important to investigate what influences a user to practice computer security. This study uses the Health Belief Model, adapted from the healthcare literature, to study users’ computer security behavior. The model was validated using survey data from 134 employees. Results show that perceived susceptibility, perceived benefits, and self-efficacy are determinants of email related security behavior. Perceived severity moderates the effects of perceived benefits, general security orientation, cues to action, and self-efficacy on security behavior.