Information security threat avoidance behavior: an empirical investigation

In recent years, with the continuous integration of information technology into daily life, users are facing more and more information security threats. Although many software and hardware protection methods have been put in place to achieve higher information security, the number of security incidents has not decreased. Traditionally, much of the work of providing security in information systems has focused on technology, and recent research has shown that user behavior does play a central role. Considering that end users are often the first line of defense and are often seen as the weakest link in information security, security defenses are very important. Therefore, the purpose of this study is to examine the relationship between perceived information security threats and information security behavior of users by using Technology Threat Avoidance Theory (TTAT). This study focuses on three types of threats: malware, data loss or leakage and identity theft. More importantly, a variety of information security behaviors were identified in this study, including password usage behavior, security software usage behavior, data storage behavior, physical security behavior, and proactive awareness behavior. Based on a survey data provided by 319 Internet users from a public university in Malaysia, the research results show that data loss or leakage is the most harmful threat to information security of users, followed by malware and identity theft. Moreover, these perceived threats have a positive impact on the five information security behaviors, where proactive awareness behavior is the top choice among these five information security behaviors.