The Paradox of Social Media Security:

Users’ Perceptions versus Behaviors

Zahra Alqubaiti Lei Li Jing He
Kennesaw State University Kennesaw State University Kennesaw State University
1100 South Marietta Pkwy 1100 South Marietta Pkwy 1100 South Marietta Pkwy
Marietta, GA 30060 Marietta, GA 30060 Marietta, GA 30060
001-470-578-3915 001-470-578-3915 001-470-578-6039
zalqubai@students.kennesaw.edu lli13@kennesaw.edu jhe4@kennesaw.edu

ABSTRACT Based on the statistics released by Internet World Stats in

Social networking sites have become major targets for cyber-
security attacks due to their massive user base. Many studies
investigated the security vulnerabilities and privacy issues of
social networking sites and made recommendations on how to
mitigate security risks. Users are an integral part of any security
mix. In this paper, we explore the relationship between users’
security perceptions and their actual behavior on social
networking sites. Protection motivation theory (PMT), initially
was developed to study fear appeals, and has been widely used to
examine people’s behavior in information security domains. We
propose that PMT theory can also be adapted to explain and
predict social media users’ behaviors that have security
implications. We plan to use a web-based survey to measure
users’ security awareness on social networking sites and collect
data on their actual behavior. The research design and plan are
presented in accordance to our research.
2015, the number of global Internet users has reached
3,366,261,156 worldwide; this demonstrates a total growth
of 832.5% since 2000 [3]. Nearly two-thirds of American
adults (65%) regularly use social networking web sites, up
from 7% (Figure 1) when the Pew Research Center began
systematically tracking social media usage in 2005 [4]. The
Pew Research Center [4] has found that Facebook remains
by far the most popular social media site in 2014. Other
platforms like Twitter, Instagram, and LinkedIn saw
significant increases over the past year in the proportion of
American adults who now use their sites (Figure 2) [5].

Keywords
Social media security, perceptions, behavior, protection
motivation theory.

1. INTRODUCTION Figure 1. Percentage of all American adults and internet-using

Social media has become an integral part of human society. adults who use at least one social networking site [4]
As web-based services that allow individuals to
communicate with each other via the Internet, social media
can be classified into a number of groups, including:
collaborative projects (e.g. Wikipedia), blogs and
microblogs (e.g. Twitter), social networking sites (e.g.
Facebook, LinkedIn, MySpace), content communities (e.g.
YouTube, Flickr), virtual social worlds (e.g. Second Life)
[1] [2], and virtual game worlds (e.g. C.O.D, “World of
Warcraft”, Sony’s EverQuest) [2].

Permission to make digital or hard copies of all or part of this work for
personal or classroom use is granted without fee provided that copies are
not made or distributed for profit or commercial advantage and that
copies bear this notice and the full citation on the first page. Copyrights
for components of this work owned by others than ACM must be
honored. Abstracting with credit is permitted. To copy otherwise, or
republish, to post on servers or to redistribute to lists, requires prior
specific permission and/or a fee. Request permissions from
Permissions@acm.org.
RIIT'16, September 28-October 01 2016, Boston, MA, USA
© 2016 ACM. ISBN 978-1-4503-4453-1/16/09…$15.00
DOI: http://dx.doi.org/10.1145/2978178.2978187
Figure 2. Percentage of online adults who use social media
websites, 2012-2014 [5]
As part of people’s “online lives,” social networking sites
offer many benefits, ranging from keeping everyone
connected to others anywhere and anytime, to being an
outlet for the latest information on breaking news and
trends, to creating new business opportunities for
individuals and organizations. At the same time, social
media also introduces risks to our community. Social media
sites, as part of the World Wide Web, are inherently subject

29
to security vulnerability imposed by the Web. User privacy
is another important part of social network security
management [6]. People are constantly posting messages,
updating their status, liking or disliking other postings, and
sharing photos and videos. However, what individuals post
or share could potentially violate their privacy and security
on the Web.
Internet Crime Complaint Center (IC3) complaint data
showed 12% of the complaints submitted in 2014 contained
a social media aspect. Complaints involving social media
have quadrupled over the last five years [7]. In most cases,
victims’ personal information was exploited through
compromised accounts or social engineering. A report
published by the Guardian [8] stated that the phenomenon
of social networking crime was comparatively minor in
2008 with 556 reports made to police, according to the
statistics released by 29 police forces in England, Scotland
and Wales. While in 2011, there were 4,908 reports in
which Facebook and Twitter were a factor. This illustrates
an increase by 780% in just four years, resulting in
approximately 650 people being charged in 2011.
Moreover, the National White Collar Crime Center
(NW3C) provides a list of crimes linked to social media; it
includes: burglary, phishing & social engineering, malware,
identity theft, and cyberstalking [9]. According to the
National Cyber Security Alliance (NCSA) in 2011, 15% of
Americans have never checked their social networking
privacy and security account settings [10], while 49% of
social media users have changed their passwords once or
more in 2012, with 6% changing passwords weekly, and at
the same time, 42% have never changed their social media
passwords [11]. According to the Cisco 2013 Annual
Security Report, the highest concentrations of online
security threats are on mass audience sites, including social
media. The report revealed that online advertisements are
182 times more likely to deliver malicious content than
pornography sites [12].
As a vital part of the security solution for social media,
users need to be educated on the threats and vulnerabilities
of social networking sites. More importantly, users’
awareness of the threats should lead to safer online
behavior. However, the correlation between social media
users’ awareness of security and their actual online
behavior has yet to be investigated. Protection motivation
theory (PMT) [13], initially was developed to study fear
appeals by psychologists, and has been widely used to
examine people’s behavior in information security domains.
In this research, we adopt the PMT theory to explore the
relationship of users’ security perceptions and their actual
behavior on social networking sites. We plan to use a web-
based survey to measure users’ security awareness of social
networking sites and collect data on their actual behavior to
30
study how users’ behavior is impacted by their perception
of security threats.
The paper is organized as follows: The Literature Review
section presents current literature on social media security
vulnerabilities and mitigation techniques, and the
relationship between users’ perceptions and behavior. The
next section presents our research hypothesis and the
research questions we addressed. The Research Design
section introduces our research design and research plan.
Finally, we conclude the paper in Discussion section.
2. LITERATURE REVIEW
2.1 Overview of Research on Social Media
Security
Many studies have been conducted on the security
vulnerabilities of social networks. For example, Fokes and
Li [14] surveyed the common security threats to Facebook
and offered some suggestions on how to stay safe on
Facebook. Oehri and Teufel [6] discussed how to form a
security culture in the social networks. Nemati et al. [15]
compared privacy issues among social media users in the
United States and China and explored privacy issues among
users with different levels of Internet addiction and
different online identity perceptions. Based on the literature
reviews, we divided the security threats of social media into
two main categories: platform related and user related.
2.1.1 Platform Related Social Media Threats
In using social network platforms, the user decides how
much private data he or she is willing to share with others.
Most social networks allow a user to set different privacy
settings for confirmed friends in contrast to public strangers
[16]. Zhao et al. [17] assessed the security and vulnerability
of 50 social media sites in terms of (1) privacy and security
policies and their implementation, (2) network information
availability of social media sites, and (3) computer network
system vulnerability to cyber intrusions and attacks.
On a Facebook survey study, Fokes and Li [14] found a
number of platform related vulnerabilities, which should be
addressed by Facebook Inc., including: SMS verification
weaknesses, social authentication, vulnerabilities from
applications, and puppetnets. In late November 2012,
hackers had stolen usernames and passwords for nearly two
million accounts at Facebook, Google, Twitter, Yahoo and
other websites, as researchers at Trustwave said that the
massive data breach was a result of keylogging software
maliciously installed on an untold number of computers
around the world. The virus was capturing log-in
credentials for key websites over a month and sending those
usernames and passwords to a server controlled by the
hackers [18].
2.1.2 User Related Social Media Threats
In 2011, a survey of nearly 4,000 social network users in
the U.S., U.K., and Australia found that the number of
people affected by Koobface and other social networking
malwares reached 18%, compared with 13% in 2010 and
8% in 2009 [19]. FarmVille, which is a popular application
game on Facebook with currently more than 60 million
active users per month [19], allows users to buy in-game
coins with real money from a credit card to buy cattle or
equipment to gain bigger harvests and so on. For users who
do not want to spend real money, many websites offer
cheating tools for the game. These “helper tools” are often
just standard Trojans that will not help in the game at all,
but covertly steal passwords and other information from the
user [19].
Researchers at Alexandru Ioan Cuza University, Romania,
conducted a study on 628 students from the Faculty of
Economy and Business Administration and 200 students
specializing in Accounting and Information Systems. The
study aimed to analyze the degree in which the students are
aware of the general dangers to which they expose
themselves when using social media and to discover the
security measures they use [20]. Many participants in the
Popescul and Georgescu study were unaware of the
technical security threat dangers, such as spoofing,
clickjacking, tag-jacking, phishing, etc. The participants
admitted that they don’t have knowledge about these types
of attacks. Interestingly, more than half of the participants
understood that Facebook can use their data without their
knowledge, that they are not the real owners of their data
and that they can be easily manipulated on Facebook.
The user related vulnerabilities, which can be thwarted by
the users themselves include: fake profiles, Sybil attack,
identity theft, and accessing user accounts even when
blocked [14]. Many times, social networking users are
unaware that security vulnerability poses a serious threat to
themselves and to their friends on the site. Gundecha et al.
[21] stated that three measures can be taken to reduce a
user's vulnerability; (1) the user's privacy settings are
effectively set to protect personal information, (2) the user
has adequate means to protect their friends, (3) the user's
friends must have intentions to protect the user. The study
proposed a methodology and measures for evaluating the
vulnerable user and how to adjust a user's network to best
deal with threats presented by vulnerable friends [21].
Liu and Maes [22] addressed the problem of lack of privacy
awareness and large number of social network profiles
where people describe themselves using a rich vocabulary
of their passions and interests. These issues strengthen the
need for vulnerability research on a social networking site
to make users aware of privacy risks. Even in business
environments, which are also affected by social media
networks, social media provides both opportunities and
31
risks for organizations; thus, from a survey conducted to
determine social media guidelines, Oehri and Teuel [6]
developed a management model for creating, monitoring
and controlling social media security culture.
In summary, many security threats target the users on the
social networking sites due to the nature of their large user
base. Researchers have developed tools and methodologies
to help the users be aware of the threats and risks on the
social networking sites.
2.2 Users Perceptions on Security Threats and
Behavior
One of the most widely used theories to study users’
perception and their behavior in the information security
domain is protection motivation theory (PMT) [13]. PMT
was originally proposed to help clarify fear appeals. It
provides a conceptual framework to study individuals' fear
appeal and behavioral change [23] [24]. According to
Rogers [13], an individual’s intention to protect him or
herself depends on four factors: (1) the perceived severity
of a threatening event; (2) the perceived probability of the
occurrence; (3) the efficacy of the recommended preventive
behavior that an individual expects to carry out; and (4) the
individual’s perceived self-efficacy [13] [24].
The PMT emphasizes two independent cognitive processes
mediating protection motivation: threat appraisals and
coping appraisals [25]. Threat appraisal evaluates
maladaptive behavior; assesses the severity of the situation
and examines how serious the situation is [25]. Coping
appraisal involves the assessment of self-efficacy in
carrying out adaptive protection behavior as well as
perceived response-efficacy [25], where efficacy is the
individual's expectancy that carrying out recommendations
can remove the threat, and self-efficacy is the belief in one's
ability to execute the recommended courses of action
successfully.
Using different applications and tools via the Internet allow
users to experience a variety of online security threats that
require them to enact safety precautions. PMT is a
potentially valuable framework for predicting adoption of
protective technologies and a leading theoretical foundation
in information security research, which helps users avoid
harm from a growing number of negative technologies by
changing their security related behaviors to protect
themselves and their organizations [26].
Built on PMT, Jenkins et al. [27] proposed a solution to
deter password reuse through detection and mitigation. The
researchers hypothesized that introducing just-in-time fear
appeals when a violation is detected will likely decrease
password reuse. In their study, Jenkins et al. [27] found
that, 88.41% of users who received a fear appeal
subsequently created unique passwords, whereas only
4.45% of users who did not receive a fear appeal created
unique passwords [27].
In an investigative study of the influence of fear appeals on
the compliance of end users, Johnston and Warkentin [28]
suggested that fear appeals do impact end user behavioral
intentions to comply with recommended individual acts of
security, but the impact is not uniform across all end users.
Based on an evaluation of the effect of organizational
commitment on employee security compliance intentions,
Herath and Rao [29] suggested that (1) threat perceptions
about the severity of breaches and response perceptions of
response efficacy, self-efficacy, and response costs are
likely to affect policy attitudes; (2) organizational
commitment and social influence have a significant impact
on compliance intentions; and (3) resource availability is a
significant factor in enhancing self-efficacy, which in turn,
is a significant predictor of policy compliance intentions.
The researchers found that employees in their sample
underestimated the probability of security breaches.
Another survey study by Chai et al. [24] provided a
research framework explaining an internet user’s
information privacy protection behavior, and found that
internet users’ information privacy behaviors are affected
by two significant factors: (1) users’ perceived importance
of information privacy and (2) information privacy self-
efficacy. Researchers also found that users believe in the
value of online information privacy and that information
privacy protection behavior varies by gender. Their
findings indicate that educational opportunities regarding
internet privacy and computer security, as well as concerns
from other reference groups (e.g., peer, teacher, and
parents), play an important role in positively affecting the
internet users’ protective behavior regarding online privacy.
3. RESEARCH QUESTIONS AND
HYPOTHESIS
This paper aims to examine the relationship between users’
security awareness and their actual activities on social
networking sites. Specifically, we propose to investigate the
following research questions:
RQ1: What is the users’ level of awareness on security
vulnerabilities in the social networking sites and how do we
measure such awareness?
RQ2: How do the users behave in the social
networking sites when their activities have security
implications?
RQ3: What is the correlation between users’
perceptions and their actual behavior on social networking
sites?
Many studies investigated the users’ perceptions and their
behaviors. The Technology Acceptance Model [30] and its
32
extension models were extensively used to predict users’
acceptance of technology based on their perceptions. In the
security domain, protection motivation theory (PMT) [13]
was widely adopted by researchers to explain users’
behaviors related to information security: examination of
the users’ intentions to adopt anti-spyware software [31];
enforcement of security compliance in organizations [29],
[32]; reduction of the password reuse among users [27]; and
improvement of web users’ online privacy and safety [33].
While protection motivation theory hasn’t been used to
study the users’ security related behaviors on social
networking sites, we believe that it provides a sound
theoretical framework to do so given its success in
information security research. Social networking sites are
part of the World Wide Web. Social media users share
many common characteristics as the users of other websites
or information systems. We argue that the four dimensions
of PMT, including threat severity, threat vulnerability,
response efficacy, and self-efficacy hold similar predicting
power to explain the users’ behavior in social networking
sites. This leads to following hypotheses:
H1. The users’ level of perception of security severity
will positively correlate to the users’ safe behavior on social
networking sites.
H2. The users’ level of perception of the probability of
an occurrence of security threats will positively correlate to
the users’ safe behavior on social networking sites.
H3. The users’ perception of the level of difficulty on
the response efficacy of security threats will negatively
correlate to the users’ safe behavior on social networking
sites.
H4. The users’ level of perception of self-efficacy in
information security will positively correlate to the users’
safe behavior on social networking sites.
Alternatively, users’ behaviors have distinctive patterns
when using social networking sites comparing to their
behavior on other sites such as e-commence websites. Users
engage in a social media site to interact with their friends.
They may feel peer pressure to share information or
respond to the postings made by their friends. The sharing
environment may significantly increase the difficulty level
of the response efficacy. In other words, even if a user
knows a particular activity (e.g., posting a picture with geo-
tag on it) may violate his/her privacy, the user may still post
the picture because of the strong desire to share with friends
and family members. Therefore, we argue that response
efficacy will have stronger predicting power than the three
other dimensions of PMT theory.
H5. The response efficacy will have more power to
predict users’ security related behavior on social
networking sites than threat severity, self-efficacy, or
security threat probability.
4. RESEARCH DESIGN
In this paper, we use a web-based survey as the main
research method. We propose to use Facebook as the social
media platform as it is one of most popular social
networking sites. Undergraduate students and graduate
students from a large public university in the southeast of
the United States will be recruited as research subjects.
College students not only provide a convenient sample pool
and but are a good representation of social media users.
A web-based questionnaire will be developed to collect
data in two categories:
1). Users’ demographic or background information.
We will collect the participants’ usage pattern of social
networking sites and their personal experience of security
breaches. The latter factor could have significant impact on
the individual’ security awareness.
2). Social media users’ perception of security
vulnerabilities and behavior. The security awareness
construct will be developed based on the protection
motivation theory. Specifically, we will adopt the survey
instrument used by Jenkins et al. [27], and measure the
participants’ self-efficacy on security. To measure three
other factors of PMT and users’ behavior, we will design
two simulated scenarios that present activities that have
security implications on social networking sites.
Furthermore, the scenarios will have different levels of
response efficacy to counter the security implications. The
participants will be asked to assess the severity of the
security threats and the probability of the occurrence and
indicate their decision on whether to perform the activities.
The survey questionnaire will be tested on a small group of
students in a pilot study. The instrument will then be
revised based on the findings of the pilot study. The validity
and reliability of the instrument will also be tested. The
modified instrument will be administrated to a large group
of students. The survey results will be analyzed to test the
research hypothesis stated in the previous section.
5. DISCUSSION AND CONCLUSION
While playing an essential role in connecting people in the
modern society, social networking sites have become major
targets for cyber-attacks due to their massive user base. In
this paper, we analyze the security threats on social media
and mitigation techniques. We argue that studying the
connection between users’ awareness of security threats and
their corresponding behavior is a vital component in social
media security. Protection motivation theory has been
widely used to examine people’s behavior in information
security domain. We propose that PMT theory can also be
adapted to explain and predict social media users’
33
behaviors that have security implications. A web-based
survey is developed to test our research hypotheses.
The study is research in progress. Once completed, this
paper will extend the application of PMT to the social
media domain, fill the gaps in user behavior research in the
social media security field, and build a strong base to
promote safe user behavior on social networking sites.
6. REFERENCES
[1] D. M. Boyd and N. B. Ellison, “Social Network Sites:
Definition, History, and Scholarship,” J. Comput.-Mediat.
Commun., vol. 13, no. 1, pp. 210–230, Nov. 2007.
[4] Kaplan, A. M., and Haenlein, M. 2010. Users of the world,
unite! The challenges and opportunities of Social Media.
Business horizons (53:1), pp. 59-68.
[5] Internet World Stats 2015. World Internet Usage and
Population Statistics. November 30, 2015 - Update.
http://www.internetworldstats.com/stats.htm, Retrieved on:
May 3, 2016.
[3] Perrin, A. 2015. Social Media Usage: 2005-2015. October
8, 2015. Pew Research Center. Available at:
http://www.pewinternet.org/2015/10/08/2015/Social-
Networking-Usage-2005-2015/, Retrieved on: May 3,
2016.
[2] Duggan, M., Ellison, N.B., Lampe, C., Lenhart, A., and
Madden, M. 2015. Social Media Update 2014. Pew
Research Center. Available at:
http://www.pewinternet.org/2015/01/09/social-media-
update-2014/, Retrieve on: May 3, 2016.
[6] C. Oehri and S. Teufel, “Social media security culture -
The Human Dimension in Social Media Management,” Inf.
Secur. South Afr., vol. 4, no. 1, pp. 1–5.
[7] Internet Crime Complaint Center, “Internet Crime Report
2014,” Internet Crime Complaint Center (IC3), 2014.
[8] Press Association, “Social media-related crime reports up
780% in four years,” The Guardian, Dec-2012. [Online].
Available:
http://www.theguardian.com/media/2012/dec/27/social-
media-crime-facebook-twitter. [Accessed: 18-May-2016].
[9] National White Collar Crime Center, “Criminal Use of
Social Media (2013),” The National White Collar Crime
Center (NW3C), 2013.
[10] National Cyber Security Alliance, “2011 NCSA / McAfee
Internet Home Users Survey,” National Cyber Security
Alliance, Oct. 2011.
[11] National Cyber Security Alliance, “2012 NCSA / McAfee
Online Safety Survey,” National Cyber Security Alliance,
Oct. 2012.
[12] W. Ashford, “Social media: A security challenge and
opportunity,” ComputerWeekly, 2013. [Online]. Available:
http://www.computerweekly.com/feature/Social-media-a-
security-challenge-and-opportunity. [Accessed: 20-Apr-
2016].
[13] R. W. Rogers, “A Protection Motivation Theory of Fear
Appeals and Attitude Change,” J. Psychol., vol. 91, no. 1,
p. 93, Sep. 1975.
[14] E. Fokes and L. Li, “A survey of security vulnerabilities in
social networking media,” Proc. 3rd Annu. Conf. Res. Inf.
Technol., p. 57, Oct. 2014.
[15] H. Nemati, J. D. Wall, and A. Chow, “Privacy Coping and
Information-Sharing Behaviors in Social Media: A
Comparison of Chinese and U.S. Users,” J. Glob. Inf.
Technol. Manag., vol. 17, no. 4, p. 228, Oct. 2014.
[16] C. Wueest, “The risks of social networking,” Symantec
Corporation, 2010.
[17] J. Zhao and S. Y. Zhao, “Security and Vulnerability
Assessment of Social Media Sites: An Exploratory Study,”
J. Educ. Bus., vol. 90, no. 8, pp. 458–466, Jan. 2015.
[18] J. Pagliery, “Two million Facebook, Gmail and Twitter
passwords stolen in massive hack,” CNN, Dec-2013.
[Online]. Available:
http://money.cnn.com/2013/12/04/technology/security/pass
words-stolen/. [Accessed: 18-May-2016].
[19] L. Whitney, “More cyberattacks hitting social networks,”
CNET, Aug-2011. [Online]. Available:
http://www.cnet.com/news/more-cyberattacks-hitting-
social-networks/. [Accessed: 31-May-2016].
[20] D. Popescul and M. Georgescu, “Social Networks Security
in Universities: Challenges and Solutions,” Sci. Ann.
Alexandru Ioan Cuza Univ. Iasi Econ. Sci. Ser., vol. 62,
pp. 53–63, Dec. 2015.
[21] P. Gundecha, G. Barbier, and H. Liu, “Exploiting
vulnerability to secure user privacy on a social networking
site,” Proc. 17th ACM SIGKDD Int. Conf. Knowl. Discov.
Data Min., p. 511, Aug. 2011.
[22] H. Liu and P. Maes, “InterestMap: Harvesting Social
Network Profiles for Recommendations,” Pers.-IUI, pp.
56–66, 2005.
[23] Y. Li, “Theories in online information privacy research: A
critical review and an integrated framework,” Decis.
Support Syst., vol. 54, pp. 471–481, Dec. 2012.
[24] Sangmi Chai, C. Morrell, S. Bagchi-Sen, H. r. Rao, and S.
J. Upadhyaya, “Internet and online information privacy: an
exploratory study or preteens and early teens,” IEEE
Trans. Prof. Commun., no. 2, p. 167, 2009.
[12] Kaspar, K. 2015. An embodiment perspective on
protection motivation theory: the impact of incidental
34
weight sensations on threat-appraisal, coping-appraisal,
and protection motivation. Studia Psychologica: Journal
for Basic Research in Psychological Sciences. 4 (2015),
301.
[26] S. R. Boss, D. F. Galletta, P. B. Lowry, G. D. Moody, and
P. Polak, “What Do Systems Users Have to Fear? Using
Fear Appeals to Engender Threats and Fear that Motivate
Protective Security Behaviors,” Social Science Research
Network, Rochester, NY, SSRN Scholarly Paper ID
2607190, Dec. 2015.
[27] J. L. Jenkins, M. Grimes, J. G. Proudfoot, and P. B. Lowry,
“Improving Password Cyber-Security Through Inexpensive
and Minimally Invasive Means: Detecting and Deterring
Password Reuse Through Keystroke-Dynamics Monitoring
and Just-in-Time Fear Appeals,” Social Science Research
Network, Rochester, NY, SSRN Scholarly Paper ID
2292761, Apr. 2014.
[28] A. C. Johnston and M. Warkentin, “Fear Appeals and
Information Security Behaviors: An Empirical Study,” MIS
Q., vol. 34, no. 3, pp. 549-A4, Sep. 2010.
[29] T. Herath and H. R. Rao, “Protection motivation and
deterrence: a framework for security policy compliance in
organisations,” Eur. J. Inf. Syst., vol. 18, no. 2, pp. 106–
125, Apr. 2009.
[30] F. D. Davis, “Perceived usefulness, perceived ease of use,
and user acceptance of information technology,” MIS Q.,
vol. 13, no. 1, pp. 319–340, 1989.
[31] T. Chenoweth, R. Minch, and T. Gattiker, “Application of
protection motivation theory to adoption of protective
technologies,” in Proceedings of the 42nd Annual Hawaii
International Conference on System Sciences, HICSS,
2009.
[32] M. Siponen, S. Pahnila, and A. Mahmood, “Factors
Influencing Protection Motivation and IS Security Policy
Compliance,” in 2006 Innovations in Information
Technology, 2006, pp. 1–5.
[33] H. S. Tsai, M. Jiang, S. Alhabash, R. LaRose, N. J. Rifon,
and S. R. Cotten, “Understanding online safety behaviors:
A protection motivation theory perspective,” Comput.
Secur., vol. 59, pp. 138–150, Jun. 2016.