Fear appeal cues to motivate users' security protection behaviors: an empirical test of heuristic cues to enhance risk communication

PurposeFirms continue to struggle with end users who do not follow recommended actions for safeguarding information security. Thus, the authors utilize insights gained from studies on heuristic processing of risk information to design cues in fear appeal messages more effectively so as to more strongly engender fear among users, which can in turn lead them to take protective actions toward information security. Specifically, four types of fear appeal cues are identified: numeric risk communication, social distance and goal framing in verbal risk communication and visual risk communication.Design/methodology/approachDrawing from protection motivation theory, the authors hypothesize that these fear appeal cues can engender fear among users to a greater extent. In addition, the authors hypothesize that users will perceive a higher level of severity and susceptibility when they perceive a large amount of fear. The research hypotheses were tested employing data collected through a laboratory experiment. Analysis of variance (ANOVA) and regression analyses were performed to analyze the data.FindingsThe study's results suggest that numeric and visual risk communication cues in security notices can significantly increase the amount of fear felt by users. In addition, social distance was found to marginally increase the amount of fear felt by users. However, unlike our expectation, goal framing was not found to increase the amount of fear when the other three types of fear appeal cues were also given in a security notice. It was also found that induced fear can increase the severity and susceptibility of threats as perceived by users.Originality/valueThe study contributes to the literature on fear appeal cues designed to promote users' security protection behaviors. No prior study has designed security notices featuring the four different types of fear appeal cues and empirically tested the effectiveness of those cues in inducing fear among users. The findings suggest that the design of fear appeal cues can be improved by understanding individuals' heuristic processing of risk information, which can be subject to cognitive biases.

Download Full-text

An empirical test of the perceived relationship between risk and the constituents severity and probability

Information and Computer Security ◽

10.1108/ics-01-2016-0004 ◽

2016 ◽

Vol 24 (2) ◽

pp. 194-204 ◽

Cited By ~ 1

Author(s):

Teodor Sommestad ◽

Henrik Karlzén ◽

Peter Nilsson ◽

Jonas Hallberg

Keyword(s):

Decision Making ◽

Information Security ◽

Empirical Test ◽

Security Risk ◽

Content Type ◽

Procedural Support ◽

The Mean ◽

Information Security Risk ◽

The Relationship ◽

Mean Variance

Purpose In methods and manuals, the product of an information security incident’s probability and severity is seen as a risk to manage. The purpose of the test described in this paper is to investigate if information security risk is perceived in this way, if decision-making style influences the perceived relationship between the three variables and if the level of information security expertise influences the relationship between the three variables. Design/methodology/approach Ten respondents assessed 105 potential information security incidents. Ratings of the associated risks were obtained independently from ratings of the probability and severity of the incidents. Decision-making style was measured using a scale inspired from the Cognitive Style Index; information security expertise was self-reported. Regression analysis was used to test the relationship between variables. Findings The ten respondents did not assess risk as the product of probability and severity, regardless of experience, expertise and decision-making style. The mean variance explained in risk ratings using an additive term is 54.0 or 38.4 per cent, depending on how risk is measured. When a multiplicative term was added, the mean variance only increased by 1.5 or 2.4 per cent. For most of the respondents, the contribution of the multiplicative term is statistically insignificant. Practical Implications The inability or unwillingness to see risk as a product of probability and severity suggests that procedural support (e.g. risk matrices) has a role to play in the risk assessment processes. Originality/value This study is the first to test if information security risk is assessed as an interaction between probability and severity using suitable scales and a within-subject design.

Download Full-text

The effects of advertising skepticism in consumer prescription drug advertising

International Journal of Pharmaceutical and Healthcare Marketing ◽

10.1108/ijphm-10-2016-0054 ◽

2017 ◽

Vol 11 (4) ◽

pp. 395-411 ◽

Cited By ~ 2

Author(s):

Ilwoo Ju

Keyword(s):

Health Risk ◽

Risk Communication ◽

Prescription Drug ◽

Risk Information ◽

Risk Disclosure ◽

Drug Advertising ◽

Content Type ◽

Prescription Drug Advertising ◽

Advertising Evaluation

Purpose The purpose of this study is to examine the effects of consumers’ prescription drug advertising (DTCA) skepticism on their advertising evaluation. In addition, the study investigates the moderating role of health risk information location in DTCA and the mediating role of perceived message effectiveness to address when and how the skepticism effects are maximized or minimized. Design/methodology/approach The study used a controlled lab experiment to enhance internal validity. Findings This study found that when risk information was presented earlier in a more prominent manner, it appeared to reduce the DTCA skepticism effects. In contrast, the DTCA skepticism effects remained considerable when benefit information was presented earlier. Research limitations/implications The artificial nature of the controlled lab setting suggests conducting future research in a more natural setting using various therapeutic and product categories to enhance ecological and external validity. Practical implications Pharmaceutical marketers could reduce consumers’ DTCA skepticism effects on their advertising evaluation by using situational message strategies. The prominence of health risk disclosure could be one of such strategies. Social implications The FDA’s industry guidance for DTCA risk communication suggests that the location of risk information in the ad may play an important role in determining its prominence. However, little is known about how complying with the FDA’s risk communication guidance by presenting a more prominent risk disclosure can affect consumers’ ad evaluation by affecting the DTCA skepticism effects. The current study provides empirical evidence for the importance of the health risk disclosure prominence. Originality/value Because the FDA’s release of the DTCA risk communication guidance, little empirical research has been conducted to examine a wide range of situational message factors that may affect consumers’ response to DTCA risk communication. The current study filled the gap in the literature by addressing the interplay between consumer and message factors in the DTCA context.

Download Full-text

Information security in the South Australian real estate industry

Information Management & Computer Security ◽

10.1108/imcs-10-2012-0060 ◽

2014 ◽

Vol 22 (1) ◽

pp. 24-41 ◽

Cited By ~ 9

Author(s):

Deepa Mani ◽

Kim-Kwang Raymond Choo ◽

Sameera Mubarak

Keyword(s):

Risk Management ◽

Information Security ◽

Real Estate ◽

South Australia ◽

Security Threats ◽

The South ◽

Content Type ◽

The Real ◽

The Real Estate ◽

Real Estate Sector

Purpose – Opportunities for malicious cyber activities have expanded with the globalisation and advancements in information and communication technology. Such activities will increasingly affect the security of businesses with online presence and/or connected to the internet. Although the real estate sector is a potential attack vector for and target of malicious cyber activities, it is an understudied industry. This paper aims to contribute to a better understanding of the information security threats, awareness, and risk management standards currently employed by the real estate sector in South Australia. Design/methodology/approach – The current study comprises both quantitative and qualitative methodologies, which include 20 survey questionnaires and 20 face-to-face interviews conducted in South Australia. Findings – There is a lack of understanding about the true magnitude of malicious cyber activities and its impact on the real estate sector, as illustrated in the findings of 40 real estate organisations in South Australia. The findings and the escalating complexities of the online environment underscore the need for regular ongoing training programs for basic online security (including new cybercrime trends) and the promotion of a culture of information security (e.g. when using smart mobile devices to store and access sensitive data) among staff. Such initiatives will enable staff employed in the (South Australian) real estate sector to maintain the current knowledge of the latest cybercrime activities and the best cyber security protection measures available. Originality/value – This is the first academic study focusing on the real estate organisations in South Australia. The findings will contribute to the evidence on the information security threats faced by the sector as well as in develop sector-specific information security risk management guidelines.

Download Full-text

What drives housing prices, rent and new construction in China

International Journal of Housing Markets and Analysis ◽

10.1108/ijhma-12-2016-0080 ◽

2017 ◽

Vol 10 (5) ◽

pp. 662-686

Author(s):

Dimitrios Staikos ◽

Wenjun Xue

Keyword(s):

Real Estate ◽

Empirical Test ◽

Housing Prices ◽

Panel Cointegration ◽

Real Estate Market ◽

Estimation Methods ◽

Content Type ◽

New Construction ◽

Using Data ◽

First Time

Purpose With this paper, the authors aim to investigate the drivers behind three of the most important aspects of the Chinese real estate market, housing prices, housing rent and new construction. At the same time, the authors perform a comprehensive empirical test of the popular 4-quadrant model by Wheaton and DiPasquale. Design/methodology/approach In this paper, the authors utilize panel cointegration estimation methods and data from 35 Chinese metropolitan areas. Findings The results indicate that the 4-quadrant model is well suited to explain the determinants of housing prices. However, the same is not true regarding housing rent and new construction suggesting a more complex theoretical framework may be required for a well-rounded explanation of real estate markets. Originality/value It is the first time that panel data are used to estimate rent and new construction for China. Also, it is the first time a comprehensive test of the Wheaton and DiPasquale 4-quadrant model is performed using data from China.

Download Full-text

Identifying core control items of information security management and improvement strategies by applying fuzzy DEMATEL

Information and Computer Security ◽

10.1108/ics-04-2014-0026 ◽

2015 ◽

Vol 23 (2) ◽

pp. 161-177 ◽

Cited By ~ 5

Author(s):

Li-Hsing Ho ◽

Ming-Tsai Hsu ◽

Tieh-Min Yen

Keyword(s):

Information Security ◽

Security Policy ◽

Security Management ◽

Fuzzy Dematel ◽

Information Security Management ◽

Content Type ◽

Cause And Effect ◽

Information Security Management System ◽

Security Control ◽

Improvement Strategies

Purpose – The purpose of this paper is to analyze the cause-and-effect relationship and the mutually influential level among information security control items, as well as to provide organizations with a method for analyzing and making systematic decisions for improvement. Design/methodology/approach – This study utilized the Fuzzy DEMATEL to analyze cause-and-effect relationships and mutual influence of the 11 control items of the International Organization for Standardization (ISO) 27001 Information Security Management System (ISMS), which are discussed by seven experts in Taiwan to identify the core control items for developing the improvement strategies. Findings – The study has found that the three core control items of the ISMS are security policy (SC1), access control (SC7) and human resource security (SC4). This study provides organizations with a direction to develop improvement strategies and effectively manage the ISMS of the organization. Originality/value – The value of this study is for an organization to effectively dedicate resources to core control items, such that other control items are driven toward positive change by analyzing the cause-and-effect relation and the mutual influential level among information security control items, through a cause-and-effect matrix and a systematic diagram.

Download Full-text

How do you warn them if they speak only Spanish? Challenges for organizations in communicating risk to Colonias residents in Texas, USA

Disaster Prevention and Management An International Journal ◽

10.1108/dpm-02-2014-0022 ◽

2014 ◽

Vol 23 (5) ◽

pp. 533-550 ◽

Cited By ~ 13

Author(s):

Sudha Arlikatti ◽

Hassan A. Taibah ◽

Simon A. Andrew

Keyword(s):

Nonprofit Organizations ◽

Online Survey ◽

Linguistically Diverse ◽

Risk Information ◽

Culturally And Linguistically Diverse ◽

Future Research ◽

Snowball Sampling ◽

Content Type ◽

Diverse Groups ◽

Communicating Risk

Purpose – The purpose of this paper is to examine the information channels used by public and nonprofit organizations to communicate disaster risk information to Colonias residents in Hidalgo County, Texas. It seeks to find creative and proactive solutions for organizations to improve risk education to these constituents. Design/methodology/approach – Initially a snowball sampling technique was used to conduct six face-to-face interviews. This was followed by an online survey sent to 64 reputational referrals, of which 23 completed the survey, generating a response rate of 34 percent. A comparative analysis between public and nonprofit organizations and the Fischer's exact test were employed to analyze the data. Findings – Channel preferences for providing risk information varied with public organizations using the television (TV) and the nonprofit organizations using bilingual staff for outreach. The television, radio, public events, and bilingual staff were considered to be the most effective while social media (Facebook, Twitter, and city web sites) was not considered at all by both groups. Lack of funding and staffing problems were identified as the primary challenges. Research limitations/implications – One limitation is that the paper focusses on organizations serving Spanish speakers in the Texas Colonias. Future research needs to investigate how other localities at border sites where culturally and linguistically diverse groups might reside, receive and understand risk information. The role of cross-national organizations in creating internationally coordinated plans for disaster communication should also be explored. Originality/value – It highlights the challenges faced by organizations in communicating risk, especially in border communities where culturally and linguistically diverse groups reside.

Download Full-text

Does graphical reporting improve risk disclosure? Evidence from European banks

Journal of Applied Accounting Research ◽

10.1108/jaar-07-2016-0068 ◽

2018 ◽

Vol 19 (1) ◽

pp. 161-180 ◽

Cited By ~ 5

Author(s):

Michael Jones ◽

Andrea Melis ◽

Silvia Gaia ◽

Simone Aresu

Keyword(s):

Credit Risk ◽

Impression Management ◽

Perspective Taking ◽

Voluntary Disclosure ◽

Cognitive Biases ◽

Annual Reports ◽

Theory Approach ◽

Risk Disclosure ◽

Content Type ◽

Incremental Information

Purpose The purpose of this paper is to examine the voluntary disclosure of risk-related issues, with a focus on credit risk, in graphical reporting for listed banks in the major European economies. It aims to understand if banks portray credit risk-related information in graphs accurately and whether these graphs provide incremental, rather than replicative, information. It also investigates whether credit risk-related graphs provide a fair representation of risk performance or a more favourable impression than is warranted. Design/methodology/approach A graphical accuracy index was constructed. Incremental information was measured. A multi-level linear model investigated whether credit risk affects the quantity and quality of graphical credit risk disclosure. Findings Banks used credit risk graphs to provide incremental information. They were also selective, with riskier banks less likely to use risk graphs. Banks were accurate in their graphical reporting, particularly those with high levels of credit risk. These findings can be explained within an impression management perspective taking human cognitive biases into account. Preparers of risk graphs seem to prefer selective omission over obfuscation via inaccuracy. This probably reflects the fact that individuals, and by implication annual report’s users, generally judge the provision of inaccurate information more harshly than the omission of unfavourable information. Research limitations/implications This study provides theoretical insights by pointing out the limitations of a purely economics-based agency theory approach to impression management. Practical implications The study suggests annual reports’ readers need to be careful about subtle forms of impression management, such as those exploiting their cognitive bias. Regulatory and professional bodies should develop guidelines to ensure neutral and comparable graphical disclosure. Originality/value This study provides a substantive alternative to the predominant economic perspective on impression management in corporate reporting, by incorporating a psychological perspective taking human cognitive biases into account.

Download Full-text

Becoming morally disengaged: how long does it take?

Leadership & Organization Development Journal ◽

10.1108/lodj-01-2020-0005 ◽

2021 ◽

Vol ahead-of-print (ahead-of-print) ◽

Author(s):

Teresa Almeida ◽

Francisca Abreu ◽

Nelson C. Ramalho

Keyword(s):

Ethical Leadership ◽

Moral Disengagement ◽

Ethical Climate ◽

Empirical Test ◽

Research Trend ◽

Leadership Studies ◽

Moderator Variable ◽

Content Type ◽

Leadership Research

PurposeLeadership is a time-dependent process and a recent leadership research trend posits a central role of time-based variables. The dyadic tenure plays a keystone role in understanding leader–follower dynamics, especially as regards leader ethics. In line with this, from a social learning theory perspective, the authors propose a model that explains how and when ethical leaders' behaviors influence subordinates' moral disengagement.Design/methodology/approachWith a sample of 220 employees, the present study tests the conditional indirect effect of ethical leadership on followers' moral disengagement via instrumental ethical climate (IEC), using dyadic tenure as the moderator variable. The analyses were conducted with Hayes PROCESS macro.FindingsResults suggested that IEC fully mediates the relationship between ethical leadership and moral disengagement. Thus, when followers perceive low levels of ethical leadership, they notice higher levels of IEC, which is positively related to moral disengagement. However, IEC perception only influences moral disengagement when dyadic tenure approaches the third year.Originality/valueThis paper answers calls to include time-based variables in leadership studies. Hence, using dyadic tenure, this study gives support to previous propositions that were still awaiting empirical test.

Download Full-text

Blockchain as supply chain technology: considering transparency and security

International Journal of Physical Distribution & Logistics Management ◽

10.1108/ijpdlm-08-2019-0234 ◽

2021 ◽

Vol ahead-of-print (ahead-of-print) ◽

Author(s):

Pei Xu ◽

Joonghee Lee ◽

James R. Barth ◽

Robert Glenn Richey

Keyword(s):

Supply Chain ◽

Text Mining ◽

Information Security ◽

Design Methodology ◽

Use Cases ◽

Future Research ◽

Content Type ◽

Blockchain Technology ◽

Twitter Data ◽

The Way

PurposeThis paper discusses how the features of blockchain technology impact supply chain transparency through the lens of the information security triad (confidentiality, integrity and availability). Ultimately, propositions are developed to encourage future research in supply chain applications of blockchain technology.Design/methodology/approachPropositions are developed based on a synthesis of the information security and supply chain transparency literature. Findings from text mining of Twitter data and a discussion of three major blockchain use cases support the development of the propositions.FindingsThe authors note that confidentiality limits supply chain transparency, which causes tension between transparency and security. Integrity and availability promote supply chain transparency. Blockchain features can preserve security and increase transparency at the same time, despite the tension between confidentiality and transparency.Research limitations/implicationsThe research was conducted at a time when most blockchain applications were still in pilot stages. The propositions developed should therefore be revisited as blockchain applications become more widely adopted and mature.Originality/valueThis study is among the first to examine the way blockchain technology eases the tension between supply chain transparency and security. Unlike other studies that have suggested only positive impacts of blockchain technology on transparency, this study demonstrates that blockchain features can influence transparency both positively and negatively.

Download Full-text

E-waste information security protection motivation: the role of optimism bias

Information Technology and People ◽

10.1108/itp-09-2019-0458 ◽

2021 ◽

Vol ahead-of-print (ahead-of-print) ◽

Author(s):

Hao Chen ◽

Ofir Turel ◽

Yufei Yuan

Keyword(s):

Information Security ◽

Risk Behavior ◽

Equation Modeling ◽

Perceived Threat ◽

Protection Motivation ◽

Security Risk ◽

Content Type ◽

Optimism Bias ◽

Information Security Risk

PurposeElectronic waste (e-waste) such as discarded computers and smartphones may contain large amounts of confidential data. Improper handling of remaining information in e-waste can, therefore, drive information security risk. This risk, however, is not always properly assessed and managed. The authors take the protection motivation theory (PMT) lens of analysis to understand intentions to protect one's discarded electronic assets.Design/methodology/approachBy applying structural equation modeling, the authors empirically tested the proposed model with survey data from 348 e-waste handling users.FindingsResults highlight that (1) protection intention is influenced by the perceived threat of discarding untreated e-waste (a threat appraisal) and self-efficacy to treat the discarded e-waste (a coping appraisal) and (2) optimism bias plays a dual-role in a direct and moderating way to reduce the perceived threat of untreated e-waste and its effect on protection intentions.Originality/valueResults support the assertions and portray a unique theoretical account of the processes that underline people's motivation to protect their data when discarding e-waste. As such, this study explains a relatively understudied information security risk behavior in the e-waste context, points to the role of optimism bias in such decisions and highlights potential interventions that can help to alleviate this information security risk behavior.

Download Full-text