Experience Matters
Information systems security is a major organizational concern. This study examines the role of vicarious experience on an individual's behavioral intent to perform a secure recommended response. The protection motivation theory model is expanded to include vicarious experience, which was examined through the separate constructs of vicarious threat experience and vicarious response experience. This study closes a gap in the literature by including vicarious experience in the PMT model and confirming its role as a significant direct influence on the PMT threat and coping constructs, and thus on the PMT model's ability to explain the variance of an individual's intent to perform secure behaviors. Additionally, vicarious experience measures were multi-item reflective scales rather than the single item measures that are more typically used to measure experience. Implications for theory and practice are discussed.