The impact of information security threat awareness on privacy-protective behaviors

A machine learning model to predict privacy fatigued users from social media personalized advertisements

The increasing use of social media platforms as personalized advertising channels is a double-edged sword. A high level of personalization on these platforms increases users' sense of losing control over personal data: This could trigger the privacy fatigue phenomenon manifested in emotional exhaustion and cynicism toward privacy, which leads to a lack of privacy-protective behavior. Machine learning has shown its effectiveness in the early prediction of people's psychological state to avoid such consequences. Therefore, this study aims to classify users with low and medium-to-high levels of privacy fatigue, based on their information privacy awareness and big-five personality traits. A dataset was collected from 538 participants via an online questionnaire. The prediction models were built using the Support Vector Machine, Naïve Bayes, K-Nearest Neighbors, Decision Tree, and Random Forest classifiers, based on the literature. The results showed that awareness and conscientiousness trait have a significant relationship with privacy fatigue. Support Vector Machine and Naïve Bayes classifiers outperformed the other classifiers by attaining a classification accuracy of 78%, F1 of 87%, recall of 100% and 98%, and precision of 78% and 79% respectively, using five-fold cross-validation.

A systematic literature review of the role of trust and security on Fintech adoption in banking

Fintech's development has amplified cybercrime, prompting trust and security concerns in banking. While earlier research predominantly viewed Fintech adoption through a tech-centric lens, emphasising its benefits, there is a paucity of studies on cognitive resistance arising from Fintech controversies. This review synthesises previous Fintech literature on behavioural intentions in banking, emphasising the role of trust, security, and other factors, and highlights existing research gaps. Utilising the ROSES (RepOrting standards for Systematic Evidence Syntheses) framework, a Systematic Literature Review was conducted, analysing 26 articles from Scopus and Web of Science (WoS) databases (2009-2022). Thematic analysis produces five primary themes (UTAUT2 variables; risk; trust; quality; and other), branching into 24 sub-themes. The weight analysis emphasises the best well-utilised predictors like performance expectancy, trust, security, perceived usefulness, and attitude. In addition, the review identifies research gaps and offers recommendations for future studies using the TCCM (Theory, Context, Constructs, and Method) framework. This research provides insights to Fintech companies and regulatory authorities on the preferred attributes of Fintech services that can enhance their adoption within the banking sector.

The impact of work pressure and work completion justification on intentional nonmalicious information security policy violation intention

As businesses have had to change how they operate due to the coronavirus pandemic, the need for remote work has risen. With the continuous advancements in technology and increases in typical job demands, employees need to increase their work productivity beyond regular work hours in the office. This type of work environment creates even more opportunities for security breaches due to employees intentionally violating information security policy violations. Although explicitly prohibited by information security policies (ISP), organizations have observed that employees bring critical data out of the office to complete their work responsibilities remotely. Consequently, developing a deeper understanding of how work pressure may influence employees to violate ISPs intentionally is crucial for organizations to protect their critical information better. Based upon the fraud triangle theory, this study proposes the opportunity to copy critical data, work pressure, and work completion justification as the primary motivational factors behind why employees copy critical company data to unsecured storage devices to work at home. A survey was conducted of 207 employees from a marketing research firm. The results suggest that opportunity, work pressure, and work completion justification are positively related to nonmalicious ISP violation intentions. Furthermore, the interaction effect between work completion justification and work pressure on the ISP violation intention is significant and positive. This study provides new insights into our understanding of the roles of work pressure and work completion justification on intentional nonmalicious ISP violation behaviors.

Financial information security behavior in online banking

The ubiquitous use of information technology in modern life leads to many problems of financial information security. Such security issues could be due to users’ insecure behaviors during their financial transactions. The purpose of this study was to investigate the university teacher's financial information security behavior (FISB) and to examine the factors that influence their FISB. By using a survey method, the study collected primary data quantitatively. A closed-ended questionnaire based on IMB Model (Information Motivation Behavioral Skills Model) was developed. The population of the study comprised teachers from six faculties of University of the Punjab, Lahore, Pakistan. A simple random sampling technique was used to collect the data from the teachers via a print-format based questionnaire. The structural equation model (SEM) was used to test the proposed model by using ADANCO (2.1). ADANCO is a software that is used for SEM analysis. The results exhibited that a majority of the teachers are frequent users of online banking. The findings confirmed that measures familiarity and self-efficacy have a direct impact on the financial information security behavior of the respondents and self-efficacy mediates the relation between threat awareness and financial information security behavior. The study concludes that online banking users can perform secure behavior during online transactions if they are familiar with security measures and are confident to perform different online banking-related tasks. It is, therefore, suggested that individuals may be familiarized with the financial information security measures so that they may believe in their selves and develop secure financial information behavior. This can be done through awareness seminars and hands-on training by the Federal Investigation Agency in liaison with banks and educational institutions. The present study has contributed to the domain of financial information security behavior in the local context.

The Impact of Data Vulnerability in Online Health Communities: An Institutional Assurance Perspective

In the last few years, online health communities (OHCs) have experienced rapid development due to advances in technology and the COVID-19 pandemic. However, the sensitive nature of medical information has also raised concerns from users about their privacy and reduced their intention to use OHCs. Considering the critical role of data privacy, this study explored the effect of data vulnerability on OHC users. Using online survey data collected from 438 OHC users in China, we found that data vulnerability significantly reduced psychological comfort, while the latter enhanced continuance intention. We also found that psychological comfort negatively mediated the impact of data vulnerability on continuance intention. Institutional assurance approaches, namely privacy policy, privacy protection technology, industry self-regulation, and government legislation, were also found to mitigate the negative impact of data vulnerability on psychological comfort. This study not only contributes to the data privacy, psychological comfort, and institutional assurance literature but also offers suggestions for OHC stakeholders.

Breaking the Data Value-Privacy Paradox in Mobile Mental Health Systems Through User-Centered Privacy Protection: A Web-Based Survey Study

BACKGROUND

Mobile mental health systems (MMHS) have been increasingly developed and deployed in support of monitoring, management, and intervention with regard to patients with mental disorders. However, many of these systems rely on patient data collected by smartphones or other wearable devices to infer patients' mental status, which raises privacy concerns. Such a value-privacy paradox poses significant challenges to patients' adoption and use of MMHS; yet, there has been limited understanding of it.

OBJECTIVE

To address the significant literature gap, this research aims to investigate both the antecedents of patients' privacy concerns and the effects of privacy concerns on their continuous usage intention with regard to MMHS.

METHODS

Using a web-based survey, this research collected data from 170 participants with MMHS experience recruited from online mental health communities and a university community. The data analyses used both repeated analysis of variance and partial least squares regression.

RESULTS

The results showed that data type (P=.003), data stage (P<.001), privacy victimization experience (P=.01), and privacy awareness (P=.08) have positive effects on privacy concerns. Specifically, users report higher privacy concerns for social interaction data (P=.007) and self-reported data (P=.001) than for biometrics data; privacy concerns are higher for data transmission (P=.01) and data sharing (P<.001) than for data collection. Our results also reveal that privacy concerns have an effect on attitude toward privacy protection (P=.001), which in turn affects continuous usage intention with regard to MMHS.

CONCLUSIONS

This study contributes to the literature by deepening our understanding of the data value-privacy paradox in MMHS research. The findings offer practical guidelines for breaking the paradox through the design of user-centered and privacy-preserving MMHS.

The Impact of Organizational Practices on the Information Security Management Performance

Information explosion and pressures are leading organizations to invest heavily in information security to ensure that information technology decisions align with business goals and manage risks. Limited studies have been done using small- and-medium-sized enterprises (SMEs) in the manufacturing sector. Furthermore, a small number of parameters have been used in the previous studies. This research aims to examine and analyze the effect of security organizational practices on information security management performance with many parameters. A model has been developed together with hypotheses to evaluate the impact of organizational practices on information security management performance. The data is collected from 171 UK employees at manufacturing SMEs that had already implemented security policies. The structure equation model is employed via the SPSS Amos 22 tool for the evaluation of results. Our results state that security training, knowledge sharing, security education, and security visibility significantly impact information security performance. In addition, this study highlights a significant impact of both security training and knowledge sharing on trust in the organization. Business leaders and decision-makers can reference the proposed model and the corresponding study results to develop favourable tactics to achieve their goals regarding information security management.

Privacy nudges for disclosure of personal information: A systematic literature review and meta-analysis

OBJECTIVE

Digital nudging has been mooted as a tool to alter user privacy behavior. However, empirical studies on digital nudging have yielded divergent results: while some studies found nudging to be highly effective, other studies found no such effects. Furthermore, previous studies employed a wide range of digital nudges, making it difficult to discern the effectiveness of digital nudging. To address these issues, we performed a systematic review of empirical studies on digital nudging and information disclosure as a specific privacy behavior.

METHOD

The search was conducted in five digital libraries and databases: Scopus, Google Scholar, ACM Digital Library, Web of Science, and Science Direct for peer-reviewed papers published in English after 2006, examining the effects of various nudging strategies on disclosure of personal information online.

RESULTS

The review unveiled 78 papers that employed four categories of nudge interventions: presentation, information, defaults, and incentives, either individually or in combination. A meta-analysis on a subset of papers with available data (n = 54) revealed a significant small-to-medium sized effect of the nudge interventions on disclosure (Hedges' g = 0.32). There was significant variation in the effectiveness of nudging (I2 = 89%), which was partially accounted for by interventions to increase disclosure being more effective than interventions to reduce disclosure. No evidence was found for differences in the effectiveness of nudging with presentation, information, defaults, and incentives interventions.

CONCLUSION

Identifying ways to nudge users into making more informed and desirable privacy decisions is of significant practical and policy value. There is a growing interest in digital privacy nudges for disclosure of personal information, with most empirical papers focusing on nudging with presentation. Further research is needed to elucidate the relative effectiveness of different intervention strategies and how nudges can confound one another.

Exploring potential gender differences in information security and privacy

Purpose

Information technology users often fail to adopt necessary security and privacy measures, leading to increased risk of cybercrimes. There has been limited research on how demographic differences influence information security behaviour and understanding this could be important in identifying users who may be more likely to have poor information security behaviour. This study aims to investigate whether there are any gender differences in security and privacy behaviours and perceptions, to identify potential differences that may have implications for protecting users’ privacy and securing their devices, software and data.

Design/methodology/approach

This paper addresses this research gap by investigating security behaviours and perceptions in the following two studies: one focussing on information security and one on information privacy. Data was collected in both studies using anonymous online surveys.

Findings

This study finds significant differences between men and women in over 40% of the security and privacy behaviours considered, suggesting that overall levels of both are significantly lower for women than for men, with behaviours that require more technical skill being adopted less by female users. Furthermore, individual perceptions exhibited some gender differences.

Originality/value

This research suggests that potential gender differences in some security and privacy behaviours and perceptions should be taken into account when designing information security education, training and awareness initiatives for both organisations and the broader community. This study also provides a strong foundation to explore information security individual differences more deeply.

“What about users?”: Development and validation of the mobile information security awareness scale (MISAS)

Purpose

The current study aimed to develop and validate Mobile Information Security Awareness Scale (MISAS) based on the prototype model for measuring information security awareness and the relevant literature.

Design/methodology/approach

The scale was developed and validated with the participation of 562 students from four universities. The construct validity of the scale was tested through exploratory factor analysis and confirmatory factor analysis.

Findings

The reliability of the scale was tested through corrected item-total correlations and Cronbach alpha. The MISAS includes six factors and 17 items. The identified factors were labeled as backup, instant messaging and navigation, password protection, update, access permission and using others' devices.

Research limitations/implications

The scale included only the human aspects of mobile information security. The technical aspects are not within the scope of this study. For this reason, future studies might develop and validate a different scale focusing on the technical aspects of mobile information security.

Originality/value

The developed scale contributes to the literature on the human aspects of mobile information security.

Information privacy behavior in the use of Facebook apps: A personality-based vulnerability assessment

The unauthorized use of personal information belonging to users of apps integrated with the Facebook platform affects millions of users. Crucially, although privacy concerns and awareness have increased, the use of these apps, and related privacy behaviors, remain largely unchanged. Given that such privacy behaviors are likely influenced by individuals' personality traits, it is imperative to better understand which personality traits make individuals more vulnerable to such unauthorized uses. We build on a recontextualized version of the theory of planned behavior (TPB) to evaluate the influence of the Big Five personality traits on attitudes toward Facebook privacy settings, social norms, and information privacy concerns (IPCs)—all within the context of Facebook app use. To evaluate this study's model, we analyzed 576 survey responses by way of partial least squares path modeling. Results indicate that highly extraverted individuals are particularly vulnerable to privacy violations (e.g., unauthorized use of personal information) because of their negative attitudes toward Facebook privacy settings. Our post hoc analysis uncovered interesting combinations of personality traits that make individuals particularly vulnerable to the unauthorized use of app-based information. In particular, the combination of extraversion and conscientiousness had a negative effect on individuals' attitude toward privacy settings. We also found a significant negative relationship between IPCs and intention to use Facebook apps. Finally, we found a positive relationship between social norms and intentions. Taken together, these results infer that individuals are likely to be influenced by their peers in the use of Facebook apps but that their intentions to use these apps declines as privacy concerns increase.

Telemedicine adoption issues in the United States and Brazil: Perception of healthcare professionals

Telemedicine has recently garnered more attention from healthcare professionals because it provides access to health services to patients in rural areas while making patient healthcare information more vulnerable to security breaches. The objective of this research is to identify factors that play a critical role in possible adoption of telemedicine in the United States and Brazil. A model with eight hypotheses was used to establish a research framework. A survey was conducted involving healthcare professionals in the aforementioned countries. The results show that telemedicine adoption is influenced by policies and culture in both countries and influenced by security and privacy in the United States. It can be inferred from the research that perceptions of the American and Brazilian healthcare professionals are similar in telemedicine issues covered in this research. These healthcare professionals, however, disagree on how patients' privacy should be preserved in the two countries.