Investigating the Human Aspects that Influence End User e-Mail Phishing Avoidance Behavior
In today's Global IT business environment news of major data breach attacks continue to appear in the mass media. It has been reported that several high-profile attacks were initiated by e-mail phishing attacks. Despite new and dedicated anti-phishing security applications and services the e-mail phishing threat continues to evolve and target employee weaknesses. Anti-phishing training and education awareness are designed to help end users to recognize deceptive malicious e-mails and focus on the human aspects that make them vulnerable to phishing attacks, but may need to look beyond this approach. Drawing on the Health Belief Model (HBM), Technology Threat Avoidance Theory (TTAT), and Protection Motivation Theory (PMT) this research investigated the effects of end users' perceptions and end user characteristics concerning e-mail anti-phishing behavioral motivation. The specific factors included in the current study are avoidance behavior, avoidance motivation, perceived susceptibility, perceived benefits, perceived costs, self-efficacy, and general security orientation. Avoidance behavior and avoidance motivation were found to be highly correlated and were grouped in this study to form the new dependent variable referred to as anti-phishing behavioral motivation. A developmental model was developed and tested to examine the relationships of the core HBM factors to end-user e-mail security behavioral motivation. The results of this study suggest that end users are more motivated to practice e-mail anti-phishing behavioral motivation because of the perceived benefits associated with avoiding e-mail phishing threats. All of the core HBM factors were found to have a significant relationship with the anti-phishing behavioral motivation variable. In addition, an extended version of the research model was used to examine the interaction effects of general security orientation combined with cues to action on the relationship between self-efficacy and anti-phishing behavioral motivation. This interaction was found to be significant and also improved the anti-phishing behavioral motivation R2 value when compared to the direct SEM model R2 value results. The findings of this research help to identify avenues for improvement of end-user e-mail security behavior and protection against e-mail phishing attacks.