On the Impact of Perceived Vulnerability in the Adoption of Information Systems Security Innovations

Full Text (PDF, 351KB), PP.9-18

Views: 0 Downloads: 0


Mumtaz Abdul Hameed 1,* Nalin Asanka Gamagedara Arachchilage 2

1. Technovation Consulting and Training (Pvt) Ltd. 1/33, Chandhani Magu, Male’. 20003. Maldives

2. School of Engineering and Information Technology, University of New South Wales (UNSW Canberra), The Australian Defence Force Academy. Australia

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2019.04.02

Received: 19 Jan. 2019 / Revised: 10 Feb. 2019 / Accepted: 19 Feb. 2019 / Published: 8 Apr. 2019

Index Terms

Perceived Vulnerability, Information Systems Security, Innovation Adoption Behaviour, Protection Motivation Theory, Systematic Literature Review


A number of determinants predict the adoption of Information Systems (IS) security innovations. Amongst, perceived vulnerability of IS security threats has been examined in a number of past explorations. In this research, we examined the processes pursued in analysing the relationship between perceived vulnerability of IS security threats and the adoption of IS security innovations. The study uses Systematic Literature Review (SLR) method to evaluate the practice involved in examining perceived vulnerability on IS security innovation adoption. The SLR findings revealed the appropriateness of the existing empirical investigations of the relationship between perceived vulnerability of IS security threats on IS security innovation adoption. Furthermore, the SLR results confirmed that individuals who perceives vulnerable to an IS security threat are more likely to engage in the adoption an IS security innovation. In addition, the study validates the past studies on the relationship between perceived vulnerability and IS security innovation adoption.

Cite This Paper

Mumtaz Abdul Hameed, Nalin Asanka Gamagedara Arachchilage, "On the Impact of Perceived Vulnerability in the Adoption of Information Systems Security Innovations", International Journal of Computer Network and Information Security(IJCNIS), Vol.11, No.4, pp.9-18, 2019. DOI:10.5815/ijcnis.2019.04.02


[1]I. Ajzen, “The Theory of Planned Behaviour,” Organizational Behaviour and Human Decision Processes, vol. 50, pp. 179–211, 1991.
[2]A. Alshboul, “Information Systems Security Measures and Countermeasures: Protecting Organisational Assets from Malicious Attacks,” Communications of the IBIMA, pp. 9p, 2010.
[3]C. L. Anderson and R. Agarwal, “Practicing Safe Computing: A Multimedia Empirical Examination of Home Computer User Security Behavioral Intentions,” MIS Quarterly, vol. 34, no. 3, pp. 613-643, 2010.
[4]N. A. G. Arachchilage and M. A. Hameed, “Integrating Self-efficacy into a Gamified Approach to Thwart Phishing Attacks,” In: The Proceedings of 5th International Conference on Cybercrime and Computer Forensics (ICCCF), 2017.
[5]S. Aurigemma and T. Mattson, T. “Do it OR ELSE! Exploring the Effectiveness of Deterrence on Employee Compliance with Information Security Policies,” In: The Proceedings of 20th American Conference of Information Systems (AMCIS), 2014.
[6]M. N. Banu and S. M. Banu, “A Comprehensive Study of Phishing Attacks,” International Journal of Computer Science and Information Technologies, vol. 4, no. 6, pp. 783-786, 2013.
[7]F. Bélanger, S. Collignon, K. Enget and E. Negangard, “Determinants of Early Conformance with Information Security Policies,” Information and Management, vol. 54, pp. 887-901, 2017.
[8]B. Bulgurcu, H. Cavusoglu and I. Benbasat, “Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness,” MIS quarterly, vol. 34, no. 3, pp. 523-555, 2010.
[9]A. J. Burns, C. Posey, T. L. Roberts and P. B. Lowry, “Examining the Relationship of Organizational Insiders' Psychological Capital with Information Security Threat and Coping Appraisals,” Computers in Human Behavior, vol. 68, pp. 190-209, 2017.
[10]Y. Chen, “Examining Internet Users’ Adaptive and Maladaptive Security Behaviors Using the Extended Parallel Process Model,” In: The Proceedings of International Conference of Information Systems (ICIS), 2017.
[11]T. Chenoweth, R. Minch and T. Gattiker, “Application of Protection Motivation Theory to Adoption of Protective Technologies,” In: The Proceedings of the 42nd Hawaii International Conference on System Sciences (HICSS), 2009.
[12]V. Cho and W. H.Ip, “A Study of BYOD Adoption from the Lens of Threat and Coping Appraisal of its Security Policy,” Enterprise Information Systems, vol. 12, no. 6, pp. 659-673, 2018.
[13]H. Chou and C. Chien, “An Analysis of Multiple Factors Relating to Teachers Problematic Information Security Behavior,” Computers in Human Behavior, vol. 65, pp. 334-345, 2016.
[14]R. E. Crossler, “Protection Motivation Theory: Understanding Determinants to Backing up Personal Data,” In: The Proceedings of the 43rd Hawaii International Conference on System Sciences (HICSS), 2010.
[15]C. P. Deans, K. R. Karawan, M. D. Goslar, D. A. Ricks and B. Toyne, “Identification of Key International Information Systems Issues,” Journal of High Technology Management Review, vol. 2, no. 1, pp. 57-81, 1991.
[16]Y. S. Feruza and T. Kim, “IT Security Review: Privacy, Protection, Access Control, Assurance and System Security,” International Journal of Multimedia and Ubiquitous Engineering, vol. 2, no. 2, pp. 17-32, 2007.
[17]M. Fishbein and I. Ajzen, “Belief, Attitude, Intention and Behaviour: An Introduction to Theory and Research,” Addison-Wesley, Reading, MA, 1975.
[18]D. L. Floyd, S. Prentice-Dunn and R. W. Rogers, “A Meta-Analysis of Research on Protection Motivation Theory,” Journal of Applied Social Psychology, vol. 30, no. 2, pp. 106-143, 2000.
[19]M. A. Hameed and N. A. G. Arachchilage, “A Model for the Adoption Process of Information System Security Innovations in Organisations: A Theoretical Perspective,” In: The Proceeding of the 27th Australasian Conference on Information Systems (ACIS), 2016.
[20]M. A. Hameed and S. Counsell, “Assessing the Influence of Environmental and CEO Characteristics for Adoption of Information Technology in Organizations,” Journal of Technology Management and Innovation, vol. 7, no. 1, pp. 64-84, 2012.
[21]M. A. Hameed and S. Counsell, “Establishing Relationship between Innovation Characteristics and IT Innovation Adoption in Organisations: A Meta-analysis Approach,” International Journal of Innovation Management, vol. 18, no. 1, pp. 41, 2014.
[22]M. A. Hameed and S. Counsell, “User Acceptance Determinants of Information Technology Innovation in Organisations,” International Journal of Innovation and Technology Management, vol. 11, no. 5, pp. 17, 2014.
[23]M. A. Hameed, S. Counsell and S. Swift, “A Meta-analysis of Relationships between Organisational Characteristics and IT Innovation Adoption in Organisations,” Information and Management, vol. 49, no. 5, pp. 218-232, 2012.
[24]B. Hanus and Y. A. Wu, “Impact of Users’ Security Awareness on Desktop Security Behavior: A Protection Motivation Theory Perspective,” Information Systems Management, vol. 33, No: 1, pp. 2-16, 2016.
[25]T. Herath, R. Chen, J. Wang, K. Banjara, J. Wilbur and H. Rao, “Security Services as Coping Mechanisms: An Investigation into User Intention to Adopt an Email Authentication Service,” Information Systems Journal, vol. 24, no. 1, pp. 61-84, 2014.
[26]T. Herath and H. R. Rao, “Protection Motivation and Deterrence: A Framework for Security Policy Compliance in Organizations,” European Journal of Information Systems, vol. 18, no. 2, pp. 106-125, 2009.
[27]J. E. Hunter, F. L. Schmidt and G. B. Jackson, “Meta-Analysis,” Beverly Hills, CA: Sage, 1982.
[28]P. Ifinedo, “Understanding Information Systems Security Policy Compliance: An Integration of the Theory of Planned Behaviour and the Protection Motivation Theory,” Computers and Security, vol. 31, pp. 83-95, 2012.
[29]J. Jansen, and P. Van Schaik, “Persuading End Users to Act Cautiously Online: Initial Findings of a Fear Appeals Study on Phishing,” In: The Proceedings of 11th International Symposium on Human Aspects of Information Security and Assurance (HAISA), 2017.
[30]A. C. Johnston, and M. Warkentin, “Fear Appeal and Information Security Behaviors: An Empirical Study,” MIS Quarterly, vol. 34, no. 3, pp. 549-566, 2010.
[31]F. Lai, D. Li, and C. Hsieh, (2012). “Fighting Identity Theft: The Coping Perspective,” Decision Support Systems, vol. 52, pp. 353-363, 2012.
[32]D. Lee, R. Larose, and N. Rifon, “Keeping Our Network Safe: A Model of Online Protection Behaviour,” Behaviour and Information Technology, vol. 27, no. 5, pp. 445–454, 2008.
[33]Y. Lee, and K. R. Larsen, “Threat or Coping Appraisal: Determinants of SMB Executive’s Decision to Adopt Anti-malware Software,” European Journal of Information Systems, vol. 18, no. 2, pp. 177-187, 2009.
[34]Y. Li, J. Wang, and H. R. Rao, “Adoption of Identity Protection Service: An Integrated Protection Motivation - Precaution Adoption Process Model,” In: The Proceedings of 23rd Americas Conference on Information Systems (AMCIS), 2017.
[35]H. Liang, and Y. Xue, “Understanding Security Behaviors in Personal Computer Usage: A Threat Avoidance Perspective,” Journal of the Association for Information Systems, vol. 11, no. 7, pp. 394-414, 2010.
[36]G. A. Liyanarachchi, “Feasibility of using Student Subjects in Accounting Experiments: A Review,” Pacific Accounting Review, vol. 19, no. 1, pp. 47-67, 2007.
[37]V. Luu, L. Land and W. Chin, “Safeguarding Against Romance Scams – Using Protection Motivation Theory,” In: The Proceedings of the 25th European Conference on Information Systems (ECIS), 2017.
[38]P. Meso, Y. Ding, and S. Xu, “Applying Protection Motivation Theory to Information Security Training for College Students,” Journal of Information Privacy and Security, vol. 9, no. 1, pp. 47-67, 2013.
[39]N. Mohamed and I. Ahmad, “Information Privacy Concerns, Antecedents and Privacy Measure Use in Social Networking Sites: Evidence from Malaysia,” Computers in Human Behavior, vol. 28, pp. 2366–2375, 2012.
[40]F. Mwagwabi, T. McGill and M. Dixon, “Short-term and Long-term Effects of Fear Appeals in Improving Compliance with Password Guidelines,” Communications of the Association for Information Systems, vol. 42, pp 147-182, 2018.
[41]B. Y. Ng, A. Kankanhalli and Y. Xu, “Studying Users' Computer Security Behavior Using the Health Belief Model,” Decision Support Systems, vol. 46, no. 4, pp. 815-825, 2009.
[42]R.W. Rogers, “A Protection Motivation Theory of Fear Appeals and Attitude Change,” The Journal of Psychology, vol. 91, pp. 93–114, 1975
[43]R.W. Rogers, “Cognitive and Physiological Processes in Fear Appeals and Attitude Change: A Revised Theory of Protection Motivation,” In: J. Cacioppo and R. Petty (Eds.), Social Psychophysiology. New York: Guilford Press, pp. 153-176, 1983.
[44]M. L. Sher, P. C. Talley, C. W. Yang, and K. M. Kuo, “Compliance with Electronic Medical Records Privacy Policy: An Empirical Investigation of Hospital Information Technology Staff,” The Journal of Health Care Organization, Provision, and Financing, vol. 54, pp. 1-12, 2017.
[45]D. Sikolia, D. Twitchell, and G. Sagers, “Protection Motivation and Deterrence: Evidence from a Fortune 100 Company,” AIS Transactions on Replication Research,
vol. 4, 2018.
[46]M. Siponen, M. A. Mahmood and S. Pahnila, “Employees’ Adherence to Information Security Policies: An Exploratory Feld Study,” Information and Management, vol. 51, pp. 217-224, 2014.
[47]J. Stanton, K. Stam, P. Mastrangelo and J. Jolton, “Analysis of End User Security Behaviors,” Computers and Security, vol. 24, no, 2, pp 124-133, 2005.
[48]D. W. Sumiyana, “Could Affectivity Compete Better than Efficacy in Describing and Explaining Individuals' Coping Behavior: An Empirical Investigation,” Journal of High Technology Management Research, vol. 29, pp. 57–70, 2018.
[49]M. B. Tannenbaum, J. Hepler, R. S. Zimmerman, L. Saul, S. Jacobs, K. Wilson and D. Albarracín, “Appealing to Fear: A Meta-analysis of Fear Appeal Effectiveness and Theories,” Psychological Bulletin, vol. 141, no. 6, pp. 1178-1204, 2015.
[50]N. Thompson, T. J. McGill and X. Wang, “Security Begins at Home: Determinants of Home Computer and Mobile Device Security Behavior,” Computer and Security, vol. 70, pp. 376-391, 2017.
[51]L. G. Tornatsky and M. Fleischer, “The Process of Technological Innovation,” Lexington Books, 1990.
[52]H. Y. S. Tsai, M. Jiang, S. Alhabash, R. LaRose, N. J. Rifon, and S. R. Cotten, “Understanding Online Safety Behaviors: A Protection Motivation Theory Perspective,” Computers and Security, vol. 59, pp. 138-150, 2016.
[53]C. Z. Tu, J. Adkins, and G. Y. Zhao, “Complying with BYOD Security Policies: A Moderation Model,” In: The Proceedings of the Midwest Association for Information System (MWAIS) 25, 2018.
[54]A. Vance, M. Siponen and S. Pahnila, “Motivating IS Security Compliance: Insights from Habit and Protection Motivation Theory,” Information and Management, vol. 49, pp. 190-198, 2012.
[55]S. F. Verkijika, “Understanding Smartphone Security Behaviors: An Extension of the Protection Motivation Theory with Anticipated Regret,” Computer and Security, (Article in Press), 2018.
[56]M. Warkentin, A. C. Johnston, J. Shropshire and W. D. Barnett, “Continuance of Protective Security Behavior: A Longitudinal Study,” Decision Support Systems, vol. 92, pp. 25–35, 2016.
[57]M. Workman, W. Bommer, and D. Straub, “Security Lapses and the Omission of Information Security Measures: A Threat Control Model and Empirical Test,” Computers in Human Behavior, vol. 24, pp. 2799-2816, 2008.
[58]C. Yoon, J. W. Hwang and R. Kim, “Exploring Factors that Influence Students' Behaviors in Information Security,” Journal of Information Systems Education, vol. 23, no. 4, pp. 407-417, 2012.
[59]X. Zhang, S. Liu, X. Chen, L. Wang, B. Gao and Q. Zhu, “Health Information Privacy Concerns, Antecedents, and Information Disclosure Intention in Online Health Communities,” Information and Management, vol. 55, pp. 482-493, 2018.
[60]R. W. Zmud, “Diffusion of Modern Software Practices: Influence of Centralization and Formalization,” Management Science, vol. 28, no.12, pp. 1421–1431, 1982.