The Association Between the Multidimensional Evaluation of Attitudes Toward Security Recommendations and the Intention of Following Those Recommendations

This study focused on the attitudes toward security recommendations as determinants of compliance with these recommendations in the workplace. It aimed to determine whether attitudes toward an overall concept (security recommendations in organizations) are associated with Information Security (IS) actions. We also examined the relationship between various dimensions of attitudes toward security recommendations and IS actions that follow these recommendations. We conducted a national survey of American workers. Six hundred and eighty-two responses were retained. We also collected demographic data to explore their moderating role in the relation between predictors and IS action-intention. The survey included four workplace scenarios and two scales: the Attitudes toward Security Recommendations (ASR) and the Intentions scales. The ASR scale records respondents' attitudes toward security recommendations, whereas the Intentions scale measures the intention to follow security recommendations in workplace scenarios. We found that the perceived legitimacy and effectiveness of security recommendations are positively correlated with the intention to follow these recommendations in the future. We also found that perceptions of the rigor of security recommendations were negatively correlated with the intention of IS action. None of the demographic variables moderated the relationship between predictors of IS action and intentions. Demonstrating the relationship between the two dimensions of attitudes toward security recommendations and IS actions allows practitioners to tailor interventions according to perceptions of the legitimacy and rigor of security recommendations. We make a theoretical contribution by using the assessment of a general concept (security recommendations) as an antecedent of IS action and demonstrating the role of the multidimensional nature of attitudes in the IS context. The results showed a good explanatory capability of attitudes, which remained parsimonious in interpreting the behavioral mechanism ...