A substantial amount of previous research has examined the efficacy of fear appeals to elicit security-enhancing behaviors from users. However, despite more than a decade of research on fear appeals in security contexts, researchers have yet to understand which factors drive users’ responses to fear appeals. Instead, the literature is riddled with inconsistent findings on the antecedents that predict fear-appeal outcomes, fueling controversy and inhibiting progress on the problem. This research addresses the inconsistent findings by using construal level theory (CLT) to explain how temporal distance and argument nature affect fear-appeal appraisal. Based on two online experiments, we report evidence showing that temporal distance determines which antecedents drive fear-appeal outcomes, which helps explain inconsistent results found in prior literature. Moreover, we found that depending on the temporal distance condition, argument nature (i.e., “how” or “why” arguments) can impact the effectiveness of fear appeals. Overall, our findings refine the understanding of when certain factors influence users’ responses to fear appeals and provide guidance for future research on how to create more effective fear appeals.
Human compliance in cybersecurity continues to be a persistent problem for organizations. This researchin-progress advances theoretical understanding of the negative effects of trust formed between individuals and the cybersecurity function (i.e., those responsible for protection), cybersecurity system (i.e., the protective technologies), and organization (i.e., those verifying (e.g., hiring, championing, vouching.) the cybersecurity department) that leads to suboptimal compliance behaviors. In contrast to the current information security literature that focuses on how organizations can induce compliance, this study begins to provide understanding into the degradation of compliance through organizational actions. Additionally, understanding is provided on how to combat the negative effects of trust. An integrated model is conceptualized using the theories of trust and attention. This model provides the theoretical foundation to study the role of dark side trust in the context of cybersecurity and provides initial mechanisms to reduce it. By developing this conceptualization of dark side trust and model, this study contributes to the general study of trust in information systems research outside of the domain of cybersecurity.
Whaling is one of the most financially damaging, well-known, effective cyberattacks employed by sophisticated cybercriminals. Although whaling largely consists of sending a simplistic email message to a whale (i.e. a high-value target in an organization), it can result in large payoffs for cybercriminals, in terms of money or data stolen from organizations. While a legitimate cybersecurity threat, little information security research has directed attention toward whaling. In this study, we begin to provide an initial understanding of what makes whaling such a pernicious problem for organizations, executives, or celebrities (e.g. whales), and those charged with protecting them. We do this by defining whaling, delineating it from general phishing and spear phishing, presenting real-world cases of whaling, and provide guidance on future information security research on whaling. We find that whaling is far more complex than general phishing and spear phishing, spans multiple domains (e.g. work and personal), and potentially results in spillover effects that ripple across the organization. We conclude with a discussion of promising future directions for whaling and information security research.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.