The cybercitizen dimension: A quantitative study using a threat avoidance perspective

The importance of information security is understated and theory-based empirical research that explains computer users voluntary IT threat avoidance behavior is lacking. Most existing information security research on individual behaviors has been focused in organizational settings where the threat avoidance behavior is mandatory and dictated by security policies and procedures. This quantitative, correlational, nonexperimental study is grounded on the technology threat avoidance theory (TTAT) that explains why personal computer users employ antimalware software to avoid the threat of malware in voluntary settings. The basic premise of TTAT is that when users perceive an IT threat, they are motivated to actively avoid the threat by taking safeguarding measures if the threat is thought to be avoidable. The experimental group findings revealed that perceived threat, safeguard effectiveness, safeguard cost, and self-efficacy influenced avoidance motivation. The control group findings revealed that perceived threat had no significant relationship influencing avoidance motivation. However, all other factors influenced avoidance motivation. In addition, avoidance motivation was determined by avoidance behavior for both groups. Perceived threat was determined by severity but not perceived susceptibility for the experimental group and perceived threat was determined by severity and perceived susceptibility for the control group. Consequently, perceived threat negatively moderated the relationship between avoidance motivation and safeguard effectiveness for both groups. Since TTAT is in its infancy, future research efforts should theoretically extend TTAT more comprehensively by exploring other threats and populations in order to enhance our understanding of IT security phenomena in voluntary settings.