Understanding security behaviors in personal computer usage: A threat avoidance perspective
This study aims to understand the IT threat avoidance behaviors of personal computer users. We tested a research model derived from Technology Threat Avoidance Theory (TTAT) using survey data. We find that users' IT threat avoidance behavior is predicted by avoidance motivation, which, in turn, is determined by perceived threat, safeguard effectiveness, safeguard cost, and self-efficacy. Users develop a threat perception when they believe that the malicious IT is likely to attack them (perceived susceptibility) and the negative consequences will be severe if they are attacked (perceived severity). When threatened, users are more motivated to avoid the threat if they believe that the safeguarding measure is effective (safeguard effectiveness) and inexpensive (safeguard cost) and they have confidence in using it (self-efficacy). In addition, we find that perceived threat and safeguard effectiveness have a negative interaction on avoidance motivation so that a higher level of perceived threat is associated with a weaker relationship between safeguard effectiveness and avoidance motivation or a higher level of safeguard effectiveness is associated with a weaker relationship between perceived threat and avoidance motivation. These findings provide an enriched understanding about personal computer users' IT threat avoidance behavior. © 2010, by the Association for Information Systems.
Journal of the Association for Information Systems
Liang, H., & Xue, Y. (2010). Understanding security behaviors in personal computer usage: A threat avoidance perspective. Journal of the Association for Information Systems, 11 (7), 394-413. https://doi.org/10.17705/1jais.00232