IDEAS home Printed from https://ideas.repec.org/a/taf/tjisxx/v25y2016i4p364-390.html
   My bibliography  Save this article

How users perceive and respond to security messages: a NeuroIS research agenda and empirical study

Author

Listed:
  • Bonnie Brinton Anderson
  • Anthony Vance
  • C Brock Kirwan
  • David Eargle
  • Jeffrey L Jenkins

Abstract

Users are vital to the information security of organizations. In spite of technical safeguards, users make many critical security decisions. An example is users’ responses to security messages – discrete communication designed to persuade users to either impair or improve their security status. Research shows that although users are highly susceptible to malicious messages (e.g., phishing attacks), they are highly resistant to protective messages such as security warnings. Research is therefore needed to better understand how users perceive and respond to security messages. In this article, we argue for the potential of NeuroIS – cognitive neuroscience applied to Information Systems – to shed new light on users’ reception of security messages in the areas of (1) habituation, (2) stress, (3) fear, and (4) dual-task interference. We present an illustrative study that shows the value of using NeuroIS to investigate one of our research questions. This example uses eye tracking to gain unique insight into how habituation occurs when people repeatedly view security messages, allowing us to design more effective security messages. Our results indicate that the eye movement-based memory (EMM) effect is a cause of habituation to security messages – a phenomenon in which people unconsciously scrutinize stimuli that they have previously seen less than other stimuli. We show that after only a few exposures to a warning, this neural aspect of habituation sets in rapidly, and continues with further repetitions. We also created a polymorphic warning that continually updates its appearance and found that it is effective in substantially reducing the rate of habituation as measured by the EMM effect. Our research agenda and empirical example demonstrate the promise of using NeuroIS to gain novel insight into users’ responses to security messages that will encourage more secure user behaviors and facilitate more effective security message designs.

Suggested Citation

  • Bonnie Brinton Anderson & Anthony Vance & C Brock Kirwan & David Eargle & Jeffrey L Jenkins, 2016. "How users perceive and respond to security messages: a NeuroIS research agenda and empirical study," European Journal of Information Systems, Taylor & Francis Journals, vol. 25(4), pages 364-390, July.
  • Handle: RePEc:taf:tjisxx:v:25:y:2016:i:4:p:364-390
    DOI: 10.1057/ejis.2015.21
    as

    Download full text from publisher

    File URL: http://hdl.handle.net/10.1057/ejis.2015.21
    Download Restriction: Access to full text is restricted to subscribers.

    File URL: https://libkey.io/10.1057/ejis.2015.21?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Ahmed Abbasi & David Dobolyi & Anthony Vance & Fatemeh Mariam Zahedi, 2021. "The Phishing Funnel Model: A Design Artifact to Predict User Susceptibility to Phishing Websites," Information Systems Research, INFORMS, vol. 32(2), pages 410-436, June.

    More about this item

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:taf:tjisxx:v:25:y:2016:i:4:p:364-390. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Chris Longhurst (email available below). General contact details of provider: http://www.tandfonline.com/tjis .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.