Response to a phishing attack: persuasion and protection motivation in an organizational context. (9th August 2021)
- Record Type:
- Journal Article
- Title:
- Response to a phishing attack: persuasion and protection motivation in an organizational context. (9th August 2021)
- Main Title:
- Response to a phishing attack: persuasion and protection motivation in an organizational context
- Authors:
- Bayl-Smith, Piers
Taib, Ronnie
Yu, Kun
Wiggins, Mark
- Abstract:
- Purpose: This study aims to examine the effect of cybersecurity threat and efficacy upon click-through, response to a phishing attack: persuasion and protection motivation in an organizational context. Design/methodology/approach: In a simulated field trial conducted in a financial institute, via PhishMe, employees were randomly sent one of five possible emails using a set persuasion strategy. Participants were then invited to complete an online survey to identify possible protective factors associated with clicking and reporting behavior (N = 2,918). The items of interest included perceived threat severity, threat susceptibility, response efficacy and personal efficacy. Findings: The results indicate that response behaviors vary significantly across different persuasion strategies. Perceptions of threat susceptibility increased the likelihood of reporting behavior beyond clicking behavior. Threat susceptibility and organizational response efficacy were also associated with increased odds of not responding to the simulated phishing email attack. Practical implications: This study again highlights human susceptibility to phishing attacks in the presence of social engineering strategies. The results suggest heightened awareness of phishing threats and responsibility to personal cybersecurity are key to ensuring secure business environments. Originality/value: The authors extend existing phishing literature by investigating not only click-through behavior, but also no-response and reporting behaviors. Furthermore, the authors observed the relative effectiveness of persuasion strategies used in phishing emails as they compete to manipulate unsafe email behavior.
- Is Part Of:
- Information and computer security. Volume 30:Number 1(2022)
- Journal:
- Information and computer security
- Issue:
- Volume 30:Number 1(2022)
- Issue Display:
- Volume 30, Issue 1 (2022)
- Year:
- 2022
- Volume:
- 30
- Issue:
- 1
- Issue Sort Value:
- 2022-0030-0001-0000
- Page Start:
- 63
- Page End:
- 78
- Publication Date:
- 2021-08-09
- Subjects:
- Computer security -- Protection motivation theory -- Phishing -- Social engineering
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47
- Journal URLs:
- http://www.emeraldinsight.com/loi/ics
http://www.emeraldinsight.com/
- DOI:
- 10.1108/ICS-02-2021-0021
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 25265.xml