Daniel A. Pienta scite author profile

A substantial amount of previous research has examined the efficacy of fear appeals to elicit security-enhancing behaviors from users. However, despite more than a decade of research on fear appeals in security contexts, researchers have yet to understand which factors drive users’ responses to fear appeals. Instead, the literature is riddled with inconsistent findings on the antecedents that predict fear-appeal outcomes, fueling controversy and inhibiting progress on the problem. This research addresses the inconsistent findings by using construal level theory (CLT) to explain how temporal distance and argument nature affect fear-appeal appraisal. Based on two online experiments, we report evidence showing that temporal distance determines which antecedents drive fear-appeal outcomes, which helps explain inconsistent results found in prior literature. Moreover, we found that depending on the temporal distance condition, argument nature (i.e., “how” or “why” arguments) can impact the effectiveness of fear appeals. Overall, our findings refine the understanding of when certain factors influence users’ responses to fear appeals and provide guidance for future research on how to create more effective fear appeals.

show abstract

IS Information Systems a (Social) Science?

Thatcher¹,

Pu²,

Pienta³

2018

CAIS

View full text Add to dashboard Cite

Can Trust be Trusted in Cybersecurity?

Pienta¹,

Tams²,

Thatcher³

2020

View full text Add to dashboard Cite

Human compliance in cybersecurity continues to be a persistent problem for organizations. This researchin-progress advances theoretical understanding of the negative effects of trust formed between individuals and the cybersecurity function (i.e., those responsible for protection), cybersecurity system (i.e., the protective technologies), and organization (i.e., those verifying (e.g., hiring, championing, vouching.) the cybersecurity department) that leads to suboptimal compliance behaviors. In contrast to the current information security literature that focuses on how organizations can induce compliance, this study begins to provide understanding into the degradation of compliance through organizational actions. Additionally, understanding is provided on how to combat the negative effects of trust. An integrated model is conceptualized using the theories of trust and attention. This model provides the theoretical foundation to study the role of dark side trust in the context of cybersecurity and provides initial mechanisms to reduce it. By developing this conceptualization of dark side trust and model, this study contributes to the general study of trust in information systems research outside of the domain of cybersecurity.

show abstract

Protecting a whale in a sea of phish

Pienta

Thatcher

Johnston

2020

Journal of Information Technology

View full text Add to dashboard Cite

Whaling is one of the most financially damaging, well-known, effective cyberattacks employed by sophisticated cybercriminals. Although whaling largely consists of sending a simplistic email message to a whale (i.e. a high-value target in an organization), it can result in large payoffs for cybercriminals, in terms of money or data stolen from organizations. While a legitimate cybersecurity threat, little information security research has directed attention toward whaling. In this study, we begin to provide an initial understanding of what makes whaling such a pernicious problem for organizations, executives, or celebrities (e.g. whales), and those charged with protecting them. We do this by defining whaling, delineating it from general phishing and spear phishing, presenting real-world cases of whaling, and provide guidance on future information security research on whaling. We find that whaling is far more complex than general phishing and spear phishing, spans multiple domains (e.g. work and personal), and potentially results in spillover effects that ripple across the organization. We conclude with a discussion of promising future directions for whaling and information security research.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Daniel A. Pienta

The Effectiveness of Abstract Versus Concrete Fear Appeals in Information Security

Improving the Design of Information Security Messages by Leveraging the Effects of Temporal Distance and Argument Nature

IS Information Systems a (Social) Science?

Can Trust be Trusted in Cybersecurity?

Protecting a whale in a sea of phish

Contact Info

Product

Resources

About