{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,8]],"date-time":"2026-04-08T00:53:14Z","timestamp":1775609594873,"version":"3.50.1"},"reference-count":48,"publisher":"Oxford University Press (OUP)","issue":"1","license":[{"start":{"date-parts":[[2024,8,14]],"date-time":"2024-08-14T00:00:00Z","timestamp":1723593600000},"content-version":"vor","delay-in-days":226,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024,1,2]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>Email is frequently the attack vector of choice for hackers and is a large concern for campus IT organizations. This paper attempts to gain insight into what drives the email security behaviors of students, faculty, and staff at one midwestern public, master\u2019s granting university. The survey relies on the health belief model as its theoretical basis and measures eight constructs including email security behavior, perceived barriers to practice, self-efficacy, cues to action, prior security experience, perceived vulnerability, perceived benefits, and perceived severity. Barriers to practice, self-efficacy, vulnerability, benefits, and prior experience variables were found to be significant determinants of self-reported email security behaviors. Additional discussion of results based on subgroups of the respondents and interaction models is included in this paper. The findings of this study may help shed light on how universities can better prepare students, faculty, and staff to handle this critical information security concern. Given the makeup of the subject population, some findings may be applicable to businesses beyond academic institutions.<\/jats:p>","DOI":"10.1093\/cybsec\/tyae012","type":"journal-article","created":{"date-parts":[[2024,8,14]],"date-time":"2024-08-14T08:14:06Z","timestamp":1723623246000},"source":"Crossref","is-referenced-by-count":5,"title":["The health belief model and phishing: determinants of preventative security behaviors"],"prefix":"10.1093","volume":"10","author":[{"given":"Jie","family":"Du","sequence":"first","affiliation":[{"name":"School of Computing, College of Computing, Grand Valley State University , 1 Campus Drive , Allendale, MI 49401,","place":["United States"]}]},{"given":"Andrew","family":"Kalafut","sequence":"additional","affiliation":[{"name":"School of Computing, College of Computing, Grand Valley State University , 1 Campus Drive , Allendale, MI 49401,","place":["United States"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3163-421X","authenticated-orcid":false,"given":"Gregory","family":"Schymik","sequence":"additional","affiliation":[{"name":"School of Computing, College of Computing, Grand Valley State University , 1 Campus Drive , Allendale, MI 49401,","place":["United States"]}]}],"member":"286","published-online":{"date-parts":[[2024,8,14]]},"reference":[{"key":"2024121909125077700_bib1","first-page":"259","article-title":"An investigation of phishing awareness and education over time: when and how to best remind users","volume-title":"Proceedings of the Sixteenth Symposium on Usable Privacy and Security","author":"Reinheimer","year":"2020"},{"key":"2024121909125077700_bib2","volume-title":"Report Shows Extent of Campus Cyber Attack Activities","author":"Solomon","year":"2017"},{"key":"2024121909125077700_bib3","first-page":"22","article-title":"Information security: risky business","volume":"52","author":"Grama","year":"2017","journal-title":"Educause Rev"},{"key":"2024121909125077700_bib4","article-title":"Ransomware criminals are targeting US universities","author":"Kshetri","year":"2021"},{"key":"2024121909125077700_bib5","volume-title":"Struggling to Connect with College Students on IT Security","author":"Bendici","year":"2017"},{"key":"2024121909125077700_bib6","article-title":"Why college students\u2019 online behavior makes them prime targets for identity theft","author":"Legnitto","year":"2021"},{"key":"2024121909125077700_bib7","doi-asserted-by":"crossref","first-page":"271","DOI":"10.1016\/S0360-1315(03)00049-6","article-title":"College student web use, perceptions of information creditability, and verification behavior","volume":"41","author":"Metzger","year":"2003","journal-title":"Comput Educ"},{"key":"2024121909125077700_bib8","first-page":"186","article-title":"Comparing the mobile device security behavior of college students and information technology professionals","volume":"10","author":"Harris","year":"2014","journal-title":"J Inf Priv Secur"},{"key":"2024121909125077700_bib9","first-page":"14","article-title":"Student intentions and behaviors related to email security: an application of the health belief model","volume":"11","author":"Schymik","year":"2018","journal-title":"J Inf Syst Appl Res"},{"key":"2024121909125077700_bib10","doi-asserted-by":"crossref","first-page":"815","DOI":"10.1016\/j.dss.2008.11.010","article-title":"Studying users\u2019 computer security behavior: a health belief perspective","volume":"46","author":"Ng","year":"2009","journal-title":"Decis Supp Syst"},{"key":"2024121909125077700_bib11","first-page":"20","article-title":"Analyzing home PC security adoption behavior","volume":"52","author":"Claar","year":"2012","journal-title":"J Comput Inf Syst"},{"key":"2024121909125077700_bib12","first-page":"139","article-title":"College student home computer security adoption","volume":"14","author":"Claar","year":"2013","journal-title":"Iss Inf Syst"},{"key":"2024121909125077700_bib13","doi-asserted-by":"crossref","first-page":"425","DOI":"10.2307\/30036540","article-title":"User acceptance of information technology: toward a unified view","volume":"27","author":"Venkatesh","year":"2003","journal-title":"MIS Quart"},{"key":"2024121909125077700_bib14","doi-asserted-by":"crossref","first-page":"354","DOI":"10.1177\/109019817400200405","article-title":"The health belief model and preventative health behavior","volume":"2","author":"Rosenstock","year":"1974","journal-title":"Health Educ Monogr"},{"key":"2024121909125077700_bib15","first-page":"175","article-title":"Social learning theory and the health belief model","volume":"15","author":"Rosenstock","year":"1988","journal-title":"Health Educ Behav"},{"key":"2024121909125077700_bib16","doi-asserted-by":"crossref","first-page":"23","DOI":"10.4018\/joeuc.2014070102","article-title":"Explaining users\u2019 security behaviors with the security belief model","volume":"26","author":"Williams","year":"2014","journal-title":"J Organ End User Comput"},{"key":"2024121909125077700_bib17","doi-asserted-by":"crossref","first-page":"75","DOI":"10.1016\/j.cose.2019.05.023","article-title":"An integrated model for assessing cyber-safety behaviors: how cognitive, socioeconomic, and digital determinants affect diverse safety","volume":"86","author":"Dodel","year":"2019","journal-title":"Comput Secur"},{"key":"2024121909125077700_bib18","doi-asserted-by":"crossref","first-page":"15","DOI":"10.4018\/IJTHI.2019010102","article-title":"Understanding information security behaviours of Tanzanian government employees: a health belief model perspective","volume":"15","author":"Koloseni","year":"2019","journal-title":"Int J Technol Human Interact"},{"key":"2024121909125077700_bib19","article-title":"Investigation of individuals' behavior towards phishing attacks using the health belief model","volume-title":"Proceedings of the 36th Twente Student Conference on IT","author":"Ehizibue","year":"2022"},{"key":"2024121909125077700_bib20","doi-asserted-by":"crossref","first-page":"129","DOI":"10.1016\/j.cose.2017.01.010","article-title":"Familiarity with internet threats: beyond awareness","volume":"66","author":"Jeske","year":"2017","journal-title":"Comput Secur"},{"key":"2024121909125077700_bib21","doi-asserted-by":"crossref","first-page":"597","DOI":"10.1016\/j.cose.2011.12.010","article-title":"Leveraging behavioral science to mitigate cyber security risk","volume":"31","author":"Pfleeger","year":"2012","journal-title":"Comput Secur"},{"key":"2024121909125077700_bib22","doi-asserted-by":"crossref","first-page":"187","DOI":"10.2307\/257296","article-title":"Beyond expectancy theory: an integrative motivational model from health care","volume":"7","author":"Walker","year":"1982","journal-title":"Acad Manag Rev"},{"key":"2024121909125077700_bib23","doi-asserted-by":"crossref","first-page":"386","DOI":"10.17705\/1jais.00133","article-title":"The centrality of awareness in the formation of user behavioral intention toward protective information technologies","volume":"8","author":"Dinev","year":"2007","journal-title":"JAIS"},{"key":"2024121909125077700_bib24","first-page":"169","article-title":"Understanding optimism bias in phishing: a health belief model perspective","volume-title":"Pacific Asia Conference on Information Systems (PACIS)","author":"Lei"},{"key":"2024121909125077700_bib25","doi-asserted-by":"crossref","first-page":"93","DOI":"10.1080\/00223980.1975.9915803","article-title":"A protection motivation theory of fear appeals and attitude change","volume":"91","author":"Rogers","year":"1975","journal-title":"J Psychol"},{"key":"2024121909125077700_bib26","first-page":"153","article-title":"Cognitive and physiological processes in fear appeals and attitude change: a revised theory of protection motivation","volume-title":"Social Psychophysiology","author":"Rogers","year":"1983"},{"key":"2024121909125077700_bib27","doi-asserted-by":"crossref","first-page":"850","DOI":"10.1108\/ICS-07-2020-0125","article-title":"Exploring potential gender differences in information security and privacy","volume":"29","author":"McGill","year":"2021","journal-title":"Inf Comput Secur"},{"key":"2024121909125077700_bib28","doi-asserted-by":"crossref","first-page":"376","DOI":"10.1016\/j.cose.2017.07.003","article-title":"Security begins at home: determinants of home computer and mobile device security behavior","volume":"70","author":"Thompson","year":"2017","journal-title":"Comput Secur"},{"key":"2024121909125077700_bib29","doi-asserted-by":"crossref","first-page":"29","DOI":"10.1016\/j.ijhcs.2018.11.003","article-title":"Using protection motivation theory in the design of nudges to improve online security behavior","volume":"123","author":"van\u00a0Bavel","year":"2019","journal-title":"Int J Hum Comput Stud"},{"key":"2024121909125077700_bib30","doi-asserted-by":"crossref","first-page":"102278","DOI":"10.1016\/j.cose.2021.102278","article-title":"Maladaptive behaviour in response to email phishing threats: the roles of rewards and response costs","volume":"106","author":"Bax","year":"2021","journal-title":"Comput Secur"},{"key":"2024121909125077700_bib31","doi-asserted-by":"crossref","first-page":"413","DOI":"10.3390\/info13090413","article-title":"Cybersecurity behavior among government employees: the role of protection motivation theory and responsibility in mitigating cyberattacks","volume":"13","author":"Sulaiman","year":"2022","journal-title":"Information"},{"key":"2024121909125077700_bib32","doi-asserted-by":"crossref","first-page":"196","DOI":"10.17705\/1jais.00723","article-title":"A test of protection motivation theory in the information security literature: a meta-analytic structural equation modeling approach in search advertising","volume":"23","author":"Mou","year":"2022","journal-title":"JAIS"},{"key":"2024121909125077700_bib33","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/s10869-013-9308-7","article-title":"Moderation in management research: what, why, when and how","volume":"29","author":"Dawson","year":"2014","journal-title":"J Bus Psychol"},{"key":"2024121909125077700_bib34","first-page":"502","article-title":"Self-prediction: exploring the parameters of accuracy","volume":"50","author":"Osberg","year":"1986","journal-title":"J Pers Soc Psychol"},{"key":"2024121909125077700_bib35","doi-asserted-by":"crossref","first-page":"299","DOI":"10.1037\/0735-7028.18.4.299","article-title":"Describing the crime victim: psychological reactions to victimization","volume":"18","author":"Frieze","year":"1987","journal-title":"Profess Psychol Res Pract"},{"key":"2024121909125077700_bib36","first-page":"131","article-title":"PC usage among students in a private institution of higher learning: the moderating role of prior experience","volume":"20","author":"Ramayah","year":"2005","journal-title":"J Educ Educ"},{"key":"2024121909125077700_bib37","doi-asserted-by":"crossref","first-page":"987","DOI":"10.1016\/j.chb.2010.02.012","article-title":"Optimistic bias about online privacy risks: testing the moderating effects of perceived controllability and prior experience","volume":"26","author":"Cho","year":"2010","journal-title":"Comput Hum Behav"},{"key":"2024121909125077700_bib38","doi-asserted-by":"crossref","first-page":"97","DOI":"10.21500\/20112084.854","article-title":"How to factor-analyze your data right: do's, don'ts, and how-to's","volume":"3","author":"Matsunag","year":"2010","journal-title":"Int J Psychol Res"},{"key":"2024121909125077700_bib39","volume-title":"Multivariate Data Analysis (Fifth ed.)","author":"Hair","year":"1998"},{"key":"2024121909125077700_bib40","volume-title":"Psychometric Theory","author":"Nunnally","year":"1978"},{"key":"2024121909125077700_bib41","doi-asserted-by":"crossref","first-page":"106","DOI":"10.1111\/j.1559-1816.2000.tb02308.x","article-title":"Prediction and intervention in health-related behavior: a meta-analytic review of protection motivation theory","volume":"30","author":"Milne","year":"2000","journal-title":"J Appl Soc Pyschol"},{"key":"2024121909125077700_bib42","first-page":"102916","article-title":"Stakeholder perspectives and requirements on cybersecurity in Europe","volume":"61","author":"Fischer-H\u00fcbner","year":"2021","journal-title":"J Inf Secur Appl"},{"key":"2024121909125077700_bib43","doi-asserted-by":"crossref","first-page":"345","DOI":"10.1016\/j.cose.2017.11.015","article-title":"Correlating human traits and cyber security behavior intentions","volume":"73","author":"Gratian","year":"2018","journal-title":"Comput Secur"},{"key":"2024121909125077700_bib44","article-title":"EDUCAUSE QuickPoll results: growing needs and opportunities for security awareness training","volume-title":"EDUCAUSE Review","author":"Burns","year":"2023"},{"key":"2024121909125077700_bib45","doi-asserted-by":"crossref","first-page":"597","DOI":"10.1080\/07421222.2017.1334499","article-title":"Training to mitigate phishing attacks using mindfulness techniques","volume":"34","author":"Jensen","year":"2017","journal-title":"J Manag Inf Syst"},{"key":"2024121909125077700_bib46","first-page":"61","article-title":"A self-report measure of end-user security attitudes (SA-6)","volume-title":"Proceedings of the Fifteenth USENIX Conference on Usable Privacy and Security. Santa Clara, CA, USA","author":"Faklaris","year":"2019"},{"key":"2024121909125077700_bib47","doi-asserted-by":"crossref","first-page":"787","DOI":"10.1080\/10543401003618819","article-title":"Sample sizes required to detect two-way and three-way interactions involving slope differences in mixed-effects linear models","volume":"20","author":"Heo","year":"2010","journal-title":"J Biopharm Stat"},{"key":"2024121909125077700_bib48","first-page":"301","article-title":"Next-generation information systems theorizing: a call to action","volume":"45","author":"Burton-Jones","year":"2021","journal-title":"MIS Quart"}],"container-title":["Journal of Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/10\/1\/tyae012\/61182327\/tyae012.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/10\/1\/tyae012\/61182327\/tyae012.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,12,19]],"date-time":"2024-12-19T09:13:10Z","timestamp":1734599590000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article\/doi\/10.1093\/cybsec\/tyae012\/7733328"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"references-count":48,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2024,1,2]]}},"URL":"https:\/\/doi.org\/10.1093\/cybsec\/tyae012","relation":{},"ISSN":["2057-2085","2057-2093"],"issn-type":[{"value":"2057-2085","type":"print"},{"value":"2057-2093","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2024]]},"published":{"date-parts":[[2024]]},"article-number":"tyae012"}}