Protection Motivation Theory in information security behavior research: reconsidering the fundamentals

Mikko Siponen, Mikko Rönkkö, Liu Fufan, Steffi Haag, Gabriella Laatikainen

Research output: Contribution to journalArticleScientificpeer-review

2 Citations (Scopus)

Abstract

Scholars commonly use protection motivation theory (PMT) by Rogers to examine information systems (IS) security behaviors and behavioral intentions. A recent influential paper by Boss, Galletta, Lowry, Moody, and Polak (2015; hereafter BGLMP) in MIS Quarterly outlines correct and incorrect uses of PMT in Information Security behavior research. In this paper, we review some of BGLMP’s key recommendations, such as the claim that all IS behavior studies that apply PMT should always use the model of the full theory, contain and measure fear, and measure actual behaviors. We defend an interpretation of Rogers (1975, 1983) that differs from the interpretation that BGLMP propose. We present evidence that Rogers’ PMT and the empirical evidence do not adequately support many of BGLMP’s suggestions and that these suggestions contradict good scientific practices (e.g., restricting the use of the method of isolation) that the philosophy of science and the original literature on PMT uphold. As a result, if reviewers and editors continue to embrace these recommendations, they could hinder the progress of IS behavior research by not allowing isolation or the combination of different theoretical components. In contrast to BGLMP’s paper, we argue that further PMT research can focus on isolated PMT components and combine them with other theories. Some of our ideas (e.g., isolation) are not PMT-specific and could be useful for IS research in general. In summary, we contest BGLMP’s recommendations and offer revised recommendations in return.
Original languageEnglish
Pages (from-to)1136-1165
Number of pages30
JournalCommunications of the Association for Information Systems
Volume53
DOIs
Publication statusPublished - 2024
MoE publication typeA1 Journal article-refereed

Keywords

  • Behavioral Information Security
  • Fear Appeal
  • Infosec Behavior
  • Protection Motivation Theory
  • Security Threat
  • Threat Message
  • Threatening Communication

Fingerprint

Dive into the research topics of 'Protection Motivation Theory in information security behavior research: reconsidering the fundamentals'. Together they form a unique fingerprint.

Cite this