An Empirical Examination of Fear Appeal's Effect on Behavioral Intention to Comply with Anti-Spyware Software Information Security Recommendations among College Students.

摘要

Information security is a concern for managers implementing protection measures. Implementing information security measures requires communicating both the reason and remediation for the protection measure. Examining how an anti-spyware security communication affects an individual's intention to implement a protection measure could help improve adoption. There is a gap in the literature examining the anti-spyware security measure implementation behavioral intention using a fear appeal as motivation and incorporating protection motivation theory and propensity to trust constructs. The purpose of this study was to examine a college student's behavioral intention to protect their electronic data through compliance with an information security recommendation to avoid spyware. A quantitative, experimental, posttest-only, control group research design was used to examine behavioral intent. Survey responses were analyzed using partial least squares-structural equation modeling and were used to calculate the inferential statistics and test the study hypotheses. The general research question was as follows: To what extent does perceived threat severity, perceived threat susceptibility, response efficacy, self-efficacy, and propensity to trust influence a college student's behavioral intent to implement a recommended information security measure? Results indicated the measurement model was appropriate for this study. Structural model results did not indicate excessive collinearity, but many of the path coefficients were not significant or were positive when they were hypothesized to be negative. These findings resulted in a rejection of most of the hypotheses. Also, there was not a statistically significant difference between the survey construct response means. The lack of a statistically significant difference between the response means, along with the statistically nonsignificant path coefficient, could indicate the information security communication did not motivate a change in information security behavior. It could also be an indication that the selected college student population had an increased awareness of anti-spyware software and the information security communication did not provide any new information. Management could use the procedure described in the dissertation to develop a process to examine the effectiveness of information security communication before being implemented.