Mitigating the Ransomware Threat: A Protection Motivation Theory Approach
Ransomware has emerged as one of the biggest security threats to organizations and individuals alike. As technical solutions are developed the creators of ransomware are also improving the sophistication of such attacks. A combination of technical and behavioral measures is required to deal with this problem. This study investigates computer users’ motivation to adopt security measures against ransomware, using protection motivation theory (PMT) as a theoretical foundation. We conducted empirical research, using a survey methodology, collecting data from 118 respondents. Using partial least squares structural equation modelling our analysis provides support for several factors influencing protection motivation in this context. These include perceived threat severity and perceived threat vulnerability, mediated by fear. Self-efficacy is shown as a significant coping factor. Maladaptive rewards and response costs both have a significant negative influence on protection motivation. The results provide support for the use of fear appeals and PMT to influence protection motivation in the context of ransomware threats.
KeywordsRansomware Malware Cybersecurity Protection motivation theory Fear appeal
This work is based on the research supported wholly/in part by the National Research Foundation of South Africa (Grant Numbers 114838).
- 1.Whitman, M.E., Mattord, H.J.: Principles of Information Security. Cengage Learning, Boston (2011)Google Scholar
- 3.Investigation: WannaCry cyber attack and the NHS - National Audit Office (NAO). https://www.nao.org.uk/report/investigation-wannacry-cyber-attack-and-the-nhs/
- 6.Nadeau, M.: 11 ransomware trends for 2018. https://www.csoonline.com/article/3267544/ ransomware/11-ways-ransomware-is-evolving.html
- 11.Gallegos-Segovia, P.L., Bravo-Torres, J.F., Larios-Rosillo, V.M., Vintimilla-Tapia, P.E., Yuquilima-Albarado, I.F., Jara-Saltos, J.D.: Social engineering as an attack vector for ransomware. In: 2017 CHILEAN Conference on Electrical, Electronics Engineering, Information and Communication Technologies (CHILECON), pp. 1–6 (2017)Google Scholar
- 14.Crossler, R.E., Bélanger, F., Ormond, D.: The quest for complete security: an empirical analysis of users’ multi-layered protection from security threats. Inf. Syst. Front., 1–15 (2017)Google Scholar
- 19.Rogers, R.W.: Cognitive and physiological processes in fear appeals and attitude change: a revised theory of protection motivation. Soc. Psychophysiol., 153–176 (1983)Google Scholar
- 23.Ringle, C.M., Wende, S., Becker, J.-M.: SmartPLS 3. SmartPLS GmbH (2015)Google Scholar