Modeling user behaviour in response to cyberthreats

Abstract

Considerable challenges exist for the average computer user, organizations and indeed governmental agencies with the advent and evolution of threats directed against the computer user today. Combating cyberthreats has not only become a highly politicized issue but also a lucrative one as is evidenced from the growth in information security workforce. In conjunction with the nebulous existence of threats there is also an implied sense of calculability, even predictability, as often proclaimed by many security industry experts and academics. The end user must still make an independent decision on whether to react to these threats or not. To attempt to understand end user motivations when faced with threats, attitude-behaviour models are sometimes used. The theory of planned behaviour has been adapted to understand the impact of factors which may trigger behaviours in end users to deal with a cyberthreat. The model suggests that end users' intentions are not significantly mediated by their attitudes, perceived abilities to prevent threats or perceptions of their peer group. (7 pages)