Employee non-compliance is at the heart of many of today’s security incidents. Training programs often employ fear appeals to motivate individuals to follow policy and take action to reduce security risks. While the literature shows that fear appeals drive intent to comply, there is much less evidence of their impact after intention is formed. Building on IPAM – a process nuanced model for compliance training and assessment – this study contrasts the impact of fear appeals vs. self-efficacy priming on ransomware training. In our proposed study, a pool of students will participate in a three-step series of training events. Some participants will encounter enhanced fear appeals at each step while others will be presented with materials that include priming signals intended to foster development of increased self-efficacy. Previously identified drivers of behavior (intent, processed-nuanced forms of self-efficacy, and outcome expectations) are measured so that the effect of the treatments can be contrasted. A scenario agreement methodology is used to indicate behavior as a dependent variable. We expect to show that while fear appeals are useful and help build intent to comply at the motivational stage, process-nuanced self-efficacy treatments are expected have a stronger effect on behavior post-intentional.
Curry, Michael; Marshall, Byron; Crossler, Robert E.; and Correia, John, "FEAR APPEALS VERSUS PRIMING IN RANSOMWARE TRAINING" (2018). WISP 2018 Proceedings. 1.