Studying users' computer security behavior using the Health Belief Model

Abstract

The increasing frequency of security incidents is a major concern to organizations, and it is therefore important for organizations to protect themselves against security threats. Technological controls are important but not adequate, as the success of security also depends on the effective security behavior of individuals. Information security awareness programs are an important approach but such programs have to be effective in influencing user's behavior. It is thus important to investigate the factors that will influence a user to practice computer security in the context of an organization. With such motivation in mind, this study uses the Health Belief Model, a well-established model from preventive healthcare, to study users' computer security behavior. An instrument was developed based on health and security literature and conceptually validated. Data was collected from 134 employees of different organizations and analyzed using multiple regression analysis. Results show that perceived susceptibility, perceived benefits and self-efficacy are determinants of a user's computer security behavior when applied to exercising care with email attachments. Theoretical and practical implications of this study are discussed.