An integrated persuasive technology model for information security awareness

Abstract

In this digital era, information assets are becoming increasingly important, thereby necessitating measures to ensure information security. Globally, end-users are also struggling to ensure the security of their information. In the domain of information security, it is the human factor that constitutes the greatest vulnerability. While security education, training, and awareness programmes are evolving as valuable approaches to increasing awareness and behaviour intention to information security, changing security awareness and behaviour by end-users remains the most complex and challenging aspect of information security. Furthermore, the conventional methods for influencing information security awareness are still very expensive, time-consuming, and require regular repeating. Given such challenges, this research introduces persuasive technology to improve users’ awareness and behaviour intention. Persuasive technology has proved to be successful in improving the end-users’ attitudes and behaviour. In this context, this research establishes an integrated model of improving end-users’ security awareness by incorporating relevant literature and multiple empirically verified theories, including the Fogg behaviour model (FBM), Protection Motivation Theory (PMT), Theory of Planned Behaviour (TPB), and Technology Acceptance Model (TAM). A multidimensional research model has been proposed based on the main categories of FBM (motivation, ability, and trigger) to identify the effects of key factors in the persuasive technology context for influencing end-users’ security awareness and behaviour intention. The prototype has been developed in order to implement the factors of the proposed model and measure the effectiveness of persuasive technology to enhance information security awareness. This research adopts a mixed-methods approach to evaluate the proposed model and prototype. The proposed research model was validated through paired sample T-test and partial least squares (PLS), which were administered to 100 participants to measure security awareness in the light of persuasive technology. Furthermore, content analysis was performed using NVivo software for 45 semi-structured interviews to collect qualitative data on the end-users’ perception of the prototype. The collection of data is based on secondary and primary data. In order to improve primary information, secondary data references were collected from publications, journals, and books. The data for this study was acquired through the use of a quasi-experiment. The experiment began with a pre-prototype questionnaire, followed by the use of the prototype, followed by a post-prototype questionnaire, and finally, a short interview. The results validate the effectiveness of the prototype utilising the factors of the research model, specifically FBM attributes. Moreover, the results indicate that the research model significantly predicts the key factors affecting security awareness and behaviour intention in respect of persuasive technology. This study contributes to the body of knowledge by providing empirical results for the key factors that affect security awareness and intention of security behaviour in a persuasive technology context. The findings provide organisations and security practitioners with a model for the creation and development of a proactive and customised security awareness system. This research has contributed significantly to Human-Computer Interaction (HCI), specifically in the design and content of persuasive technology to influence security awareness and intention of security behaviour in the safe and secure use of information technology.