Secure Behavior over Time

Research has investigated the role of numerous influences on individual information security behaviors, including protection motivation, deterrence, and various dispositional and environmental factors. Various theories have been applied to study these influences on security behaviors. One major research stream has looked at threat and coping appraisals by IT users. However, users' beliefs, attitudes, appraisals, and intentions are not static, and there has been little attention to how these factors interact over time. When users (directly or vicariously) experience a security threat, they tend to engage in improved security hygiene, but often only for a limited time. A major theory that can provide comprehensive and unified insights into the phenomenon of continuous secure behavior is the Theory of Process Memory which explains the role of prior experience effects and the underlying mechanisms of continuous behavior, including feedback mechanism, sequential updating mechanism, behavioral automaticity (habit), and reason-based action. The application of this theory to behavioral information security research can foster a deep understanding about how each cognitive mechanism can influence IT users' continuous secure behavior, and through which type of human memory each mechanism can act. This rich theory, which is well-established in cognitive psychology, can help behavioral information security scholars to rigorously investigate the very important, yet understudied, phenomenon of continuance secure behavior.