{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,8]],"date-time":"2026-07-08T02:00:15Z","timestamp":1783476015637,"version":"3.55.0"},"reference-count":111,"publisher":"Emerald","issue":"1","license":[{"start":{"date-parts":[[2024,4,17]],"date-time":"2024-04-17T00:00:00Z","timestamp":1713312000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2025,1,20]]},"abstract":"<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title>\n<jats:p>The current advancements in technologies and the internet industry provide users with many innovative digital devices for entertainment, communication and trade. However, simultaneous development and the rising sophistication of cybercrimes bring new challenges. Micro businesses use technology like how people use it at home, but face higher cyber risks during riskier transactions, with human error playing a significant role. Moreover, information security researchers have often studied individuals\u2019 adherence to compliance behaviour in response to cyber threats. The study aims to examine the protection motivation theory (PMT)-based model to understand individuals\u2019 tendency to adopt secure behaviours.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title>\n<jats:p>The study focuses on Australian micro businesses since they are more susceptible to cyberattacks due to the least security measures in place. Out of 877 questionnaires distributed online to Australian micro business owners through survey panel provider \u201cDynata,\u201d 502 (<jats:italic>N<\/jats:italic> = 502) complete responses were included. Structural equational modelling was used to analyse the relationships among the variables.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Findings<\/jats:title>\n<jats:p>The results indicate that all constructs of the protection motivation, except threat susceptibility, successfully predict the user protective behaviours. Also, increased cybersecurity costs negatively impact users\u2019 safe cyber practices.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title>\n<jats:p>The study has critical implications for understanding micro business owners\u2019 cyber security behaviours. The study contributes to the current knowledge of cyber security in micro businesses through the lens of PMT.<\/jats:p>\n<\/jats:sec>","DOI":"10.1108\/ics-10-2023-0176","type":"journal-article","created":{"date-parts":[[2024,4,15]],"date-time":"2024-04-15T09:17:20Z","timestamp":1713172640000},"page":"49-76","source":"Crossref","is-referenced-by-count":12,"title":["Human-centric cyber security: Applying protection motivation theory to analyse micro business owners\u2019 security behaviours"],"prefix":"10.1108","volume":"33","author":[{"given":"Hassan","family":"Jamil","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Tanveer","family":"Zia","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Tahmid","family":"Nayeem","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Monica T.","family":"Whitty","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Steven","family":"D'Alessandro","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"140","published-online":{"date-parts":[[2024,4,17]]},"reference":[{"issue":"2","key":"key2025011616444655900_ref001","doi-asserted-by":"publisher","first-page":"179","DOI":"10.1016\/0749-5978(91)90020-T","article-title":"The theory of planned behavior","volume":"50","year":"1991","journal-title":"Organizational Behavior and Human Decision Processes"},{"key":"key2025011616444655900_ref002","volume-title":"Understanding Attitudes and Predicting Social Behavior","year":"1980"},{"key":"key2025011616444655900_ref003","article-title":"The influence of attitudes on behavior","year":"2018"},{"issue":"3","key":"key2025011616444655900_ref004","doi-asserted-by":"publisher","first-page":"613","DOI":"10.2307\/25750694","article-title":"Practicing safe computing: a multimethod empirical examination of home computer user security behavioral intentions","volume":"34","year":"2010","journal-title":"MIS Quarterly"},{"key":"key2025011616444655900_ref005","doi-asserted-by":"publisher","first-page":"437","DOI":"10.1016\/j.chb.2016.12.040","article-title":"Gender difference and employees' cybersecurity behaviors","volume":"69","year":"2017","journal-title":"Computers in Human Behavior"},{"key":"key2025011616444655900_ref006","unstructured":"Australian Bureau of Statistics (2015), \u201cA profile of Australian women in business\u201d, available at: www.pmc.gov.au\/sites\/default\/files\/publications\/profile_of_australian_women_in_business.pdf"},{"key":"key2025011616444655900_ref007","unstructured":"Australian Criminal Intelligence Commission (2018), \u201cCybercrime\u201d, Australian Criminal Intelligence Commission. Retrieved 2018, available at: www.acic.gov.au\/about-crime\/organised-crime-groups\/cybercrime"},{"key":"key2025011616444655900_ref008","unstructured":"Australian Cyber Security Centre (2023a), \u201cCyber security and Australian small businesses\u201d, available at: www.smallbusiness.nsw.gov.au\/news-podcasts\/news\/cybercrime-losses-doubled-small-businesses#:\u223c:text=ACSC%20Small%20Business%20Survey%20Report"},{"key":"key2025011616444655900_ref009","unstructured":"Australian Cyber Security Centre (2023b), \u201cInformation security manual\u201d, available at: www.cyber.gov.au\/sites\/default\/files\/2023-09\/information_security_manual_march_2023.pdf"},{"key":"key2025011616444655900_ref010","unstructured":"Australian Securities and Investments Commission (2023), \u201cSpotlight on cyber: findings and insights from the cyber pulse survey 2023\u201d, A. S. I. Commission, available at: https:\/\/download.asic.gov.au\/media\/yiqjhv0p\/rep776-published-13-november-2023.pdf"},{"key":"key2025011616444655900_ref011","unstructured":"Australian Small Business and Family Enterprise Ombudsman (2023), \u201cSmall business worth more than half a trillion dollars to the Australian economy\u201d, Australian Government. Retrieved January 18, 2024, available at: www.asbfeo.gov.au\/media-centre\/media-releases\/small-business-worth-more-half-trillion-dollars-australian-economy"},{"issue":"3","key":"key2025011616444655900_ref012","doi-asserted-by":"crossref","first-page":"604","DOI":"10.1007\/s13187-016-1004-7","article-title":"Determinants of skin cancer preventive behaviors among rural farmers in Iran: an application of protection motivation theory","volume":"32","year":"2017","journal-title":"Journal of Cancer Education"},{"issue":"2","key":"key2025011616444655900_ref013","doi-asserted-by":"crossref","first-page":"442","DOI":"10.1002\/pon.4510","article-title":"Protection motivation theory in predicting intention to receive cervical cancer screening in rural Chinese women","volume":"27","year":"2018","journal-title":"Psycho-Oncology"},{"issue":"4","key":"key2025011616444655900_ref014","doi-asserted-by":"crossref","first-page":"269","DOI":"10.1057\/jit.2008.12","article-title":"Linking IT implementation and acceptance via the construct of psychological ownership of information technology","volume":"23","year":"2008","journal-title":"Journal of Information Technology"},{"issue":"1","key":"key2025011616444655900_ref015","article-title":"Response to a phishing attack: persuasion and protection motivation in an organizational context","volume":"30","year":"2021","journal-title":"Information and Computer Security"},{"issue":"3","key":"key2025011616444655900_ref016","doi-asserted-by":"crossref","first-page":"282","DOI":"10.1080\/0144929X.2019.1685597","article-title":"Using smartwatches for fitness and health monitoring: the UTAUT2 combined with threat appraisal as moderators","volume":"40","year":"2021","journal-title":"Behaviour and Information Technology"},{"key":"key2025011616444655900_ref017","doi-asserted-by":"crossref","first-page":"103099","DOI":"10.1016\/j.cose.2023.103099","article-title":"Protecting your business against ransomware attacks? Explaining the motivations of entrepreneurs to take future protective measures against cybercrimes using an extended protection motivation theory model","volume":"127","year":"2023","journal-title":"Computers and Security"},{"issue":"4","key":"key2025011616444655900_ref018","doi-asserted-by":"crossref","first-page":"531","DOI":"10.1016\/j.bushor.2020.03.010","article-title":"Calculated risk? A cybersecurity evaluation tool for SMEs","volume":"63","year":"2020","journal-title":"Business Horizons"},{"issue":"4","key":"key2025011616444655900_ref019","doi-asserted-by":"crossref","first-page":"837","DOI":"10.25300\/MISQ\/2015\/39.4.5","article-title":"What do systems users have to fear? Using fear appeals to engender threats and fear that motivate protective security behaviors","volume":"39","year":"2015","journal-title":"MIS Quarterly"},{"issue":"2","key":"key2025011616444655900_ref020","doi-asserted-by":"crossref","first-page":"151","DOI":"10.1057\/ejis.2009.8","article-title":"If someone is watching, I'll do what I'm asked: mandatoriness, control, and information security","volume":"18","year":"2009","journal-title":"European Journal of Information Systems"},{"key":"key2025011616444655900_ref021","article-title":"Linking threat avoidance and security adoption: a theoretical model for SMEs","year":"2015"},{"issue":"3","key":"key2025011616444655900_ref022","doi-asserted-by":"crossref","first-page":"523","DOI":"10.2307\/25750690","article-title":"Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness","volume":"34","year":"2010","journal-title":"MIS Quarterly"},{"key":"key2025011616444655900_ref023","doi-asserted-by":"publisher","first-page":"103288","DOI":"10.1016\/j.cose.2023.103288","article-title":"Cascading information on best practice: cyber security risk management in UK micro and small businesses and the role of IT companies","volume":"131","year":"2023","journal-title":"Computers and Security"},{"key":"key2025011616444655900_ref024","doi-asserted-by":"publisher","first-page":"102402","DOI":"10.1016\/j.ijinfomgt.2021.102402","article-title":"Protective behavior in ride-sharing through the lens of protection motivation theory and usage situation theory","volume":"61","year":"2021","journal-title":"International Journal of Information Management"},{"key":"key2025011616444655900_ref025","doi-asserted-by":"publisher","first-page":"85701","DOI":"10.1109\/ACCESS.2022.3197899","article-title":"A survey on the cyber security of small-to-medium businesses: challenges, research focus and recommendations","volume":"10","year":"2022","journal-title":"IEEE Access"},{"key":"key2025011616444655900_ref026","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1016\/j.compedu.2017.05.003","article-title":"The moderating roles of gender and social norms on the relationship between protection motivation and risky online behavior among in-service teachers","volume":"112","year":"2017","journal-title":"Computers and Education"},{"issue":"4","key":"key2025011616444655900_ref027","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1080\/08874417.2012.11645573","article-title":"Analyzing home PC security adoption behavior","volume":"52","year":"2012","journal-title":"Journal of Computer Information Systems"},{"key":"key2025011616444655900_ref028","article-title":"Determinants of individual security behaviors","volume-title":"The Dewald Roode Information Security Workshop","year":"2010"},{"issue":"2","key":"key2025011616444655900_ref029","first-page":"1","article-title":"The quest for complete security: an empirical analysis of users\u2019 multi-layered protection from security threats","volume":"21","year":"2017","journal-title":"Information Systems Frontiers"},{"key":"key2025011616444655900_ref030","doi-asserted-by":"crossref","first-page":"90","DOI":"10.1016\/j.cose.2012.09.010","article-title":"Future directions for behavioral information security research","volume":"32","year":"2013","journal-title":"Computers and Security"},{"issue":"1","key":"key2025011616444655900_ref031","doi-asserted-by":"crossref","first-page":"209","DOI":"10.2308\/isys-50704","article-title":"Understanding compliance with bring your own device policies utilizing protection motivation theory: bridging the intention-behavior gap","volume":"28","year":"2014","journal-title":"Journal of Information Systems"},{"issue":"4","key":"key2025011616444655900_ref032","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1145\/2691517.2691521","article-title":"An extended perspective on individual security behaviors: Protection motivation theory and a unified security practices (USP) instrument","volume":"45","year":"2014","journal-title":"ACM SIGMIS Database: The Database for Advances in Information Systems"},{"key":"key2025011616444655900_ref033","doi-asserted-by":"crossref","first-page":"281","DOI":"10.1016\/j.cose.2014.11.002","article-title":"Comparing intention to avoid malware across contexts in a BYOD-enabled Australian university: a protection motivation theory approach","volume":"48","year":"2015","journal-title":"Computers and Security"},{"issue":"3","key":"key2025011616444655900_ref034","doi-asserted-by":"crossref","first-page":"319","DOI":"10.2307\/249008","article-title":"Perceived usefulness, perceived ease of use, and user acceptance of information technology","volume":"13","year":"1989","journal-title":"MIS Quarterly"},{"issue":"8","key":"key2025011616444655900_ref035","doi-asserted-by":"crossref","first-page":"1796","DOI":"10.1080\/0144929X.2021.1905066","article-title":"What we think we know about cybersecurity: an investigation of the relationship between perceived knowledge, internet trust, and protection motivation in a cybercrime context","volume":"41","year":"2022","journal-title":"Behaviour and Information Technology"},{"key":"key2025011616444655900_ref036","unstructured":"Deloitte Access (2019), \u201cACS Australia\u2019s digital pulse\u201d, available at: www.acs.org.au\/content\/dam\/acs\/acs-publications\/Digital-Pulse-2019-FINAL-Web.pdf"},{"issue":"2","key":"key2025011616444655900_ref037","article-title":"ISO\/IEC 27000, 27001 and 27002 for information security management","volume":"4","year":"2013","journal-title":"Journal of Information Security"},{"issue":"4","key":"key2025011616444655900_ref038","doi-asserted-by":"crossref","first-page":"849","DOI":"10.1111\/1745-9133.12641","article-title":"What motivates users to adopt cybersecurity practices? A survey experiment assessing protection motivation theory","volume":"22","year":"2023","journal-title":"Criminology and Public Policy"},{"issue":"5","key":"key2025011616444655900_ref039","first-page":"177","article-title":"Belief, attitude, intention, and behavior: an introduction to theory and research","year":"1977","journal-title":"Journal of Business Venturing"},{"issue":"2","key":"key2025011616444655900_ref040","doi-asserted-by":"crossref","first-page":"407","DOI":"10.1111\/j.1559-1816.2000.tb02323.x","article-title":"A meta\u2010analysis of research on protection motivation theory","volume":"30","year":"2000","journal-title":"Journal of Applied Social Psychology"},{"issue":"1","key":"key2025011616444655900_ref041","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1177\/002224378101800104","article-title":"Evaluating structural equation models with unobservable variables and measurement error","volume":"18","year":"1981","journal-title":"Journal of Marketing Research"},{"key":"key2025011616444655900_ref042","unstructured":"Gilfillan, G. (2016), \u201cDefinitions and data sources for small business in Australia: a quick guide\u201d, available at: https:\/\/parlinfo.aph.gov.au\/parlInfo\/download\/library\/prspub\/4228541\/upload_binary\/4228541.pdf;fileType=application\/pdf"},{"issue":"2","key":"key2025011616444655900_ref043","article-title":"Empirical assessment of mobile device users\u2019 information security behavior towards data breach: leveraging protection motivation theory","volume":"21","year":"2019","journal-title":"Journal of Intellectual Capital"},{"issue":"2","key":"key2025011616444655900_ref044","first-page":"215","article-title":"Empirical assessment of mobile device users\u2019 information security behavior towards data breach: leveraging protection motivation theory","volume":"21","year":"2020","journal-title":"Journal of Intellectual Capital"},{"key":"key2025011616444655900_ref045","doi-asserted-by":"publisher","volume-title":"Handbook of Health Behavior Research II: Provider Determinants","year":"1997","DOI":"10.1007\/978-1-4899-1760-7"},{"issue":"3","key":"key2025011616444655900_ref046","doi-asserted-by":"crossref","first-page":"611","DOI":"10.2307\/25148742","article-title":"The nature of theory in information systems","volume":"30","year":"2006","journal-title":"MIS Quarterly"},{"key":"key2025011616444655900_ref047","volume-title":"Multivariate Data Analysis: A Global Perspective","year":"2010","edition":"7 ed"},{"key":"key2025011616444655900_ref048","volume-title":"Multivariate Data Analysis","year":"1998"},{"issue":"6","key":"key2025011616444655900_ref049","doi-asserted-by":"publisher","first-page":"1285","DOI":"10.1007\/s10796-019-09959-1","article-title":"Investigating the security divide between SME and large companies: how SME characteristics influence organizational IT security investments","volume":"21","year":"2019","journal-title":"Information Systems Frontiers"},{"issue":"2","key":"key2025011616444655900_ref050","doi-asserted-by":"crossref","first-page":"106","DOI":"10.1057\/ejis.2009.6","article-title":"Protection motivation and deterrence: a framework for security policy compliance in organisations","volume":"18","year":"2009","journal-title":"European Journal of Information Systems"},{"issue":"1","key":"key2025011616444655900_ref051","doi-asserted-by":"crossref","first-page":"61","DOI":"10.1111\/j.1365-2575.2012.00420.x","article-title":"Security services as coping mechanisms: an investigation into user intention to adopt an email authentication service","volume":"24","year":"2014","journal-title":"Information Systems Journal"},{"key":"key2025011616444655900_ref052","doi-asserted-by":"crossref","first-page":"101594","DOI":"10.1016\/j.cose.2019.101594","article-title":"Institutional governance and protection motivation: theoretical insights into shaping employees\u2019 security compliance behavior in higher education institutions in the developing world","volume":"87","year":"2019","journal-title":"Computers and Security"},{"issue":"1","key":"key2025011616444655900_ref053","doi-asserted-by":"crossref","first-page":"83","DOI":"10.1016\/j.cose.2011.10.007","article-title":"Understanding information systems security policy compliance: an integration of the theory of planned behavior and the protection motivation theory","volume":"31","year":"2012","journal-title":"Computers and Security"},{"key":"key2025011616444655900_ref054","article-title":"COBIT framework 2019","author":"ISACA","year":"2019"},{"issue":"2","key":"key2025011616444655900_ref055","doi-asserted-by":"crossref","first-page":"148","DOI":"10.26735\/KPOB8473","article-title":"User acceptance of password manager software: evidence from Australian microbusinesses","volume":"4","year":"2021","journal-title":"Journal of Information Security and Cybercrimes Research"},{"issue":"3","key":"key2025011616444655900_ref056","article-title":"Fear appeals and information security behaviors: an empirical study","volume":"34","year":"2010","journal-title":"MIS Quarterly"},{"issue":"1","key":"key2025011616444655900_ref057","doi-asserted-by":"crossref","first-page":"113","DOI":"10.25300\/MISQ\/2015\/39.1.06","article-title":"An enhanced fear appeal rhetorical framework: leveraging threats to human asset through sanctioning rhetoric","volume":"39","year":"2015","journal-title":"MIS Quarterly"},{"key":"key2025011616444655900_ref058","article-title":"A comparative usability evaluation of traditional password managers","volume-title":"Information Security and Cryptology \u2013 ICISC 2010 International Conference on Information Security and Cryptology (ICISC)","year":"2010"},{"key":"key2025011616444655900_ref059","volume-title":"The Quest to Cyber Superiority: Cybersecurity Regulations, Frameworks, and Strategies of Major Economies","year":"2016"},{"key":"key2025011616444655900_ref060","doi-asserted-by":"publisher","first-page":"100165","DOI":"10.1016\/j.chbr.2021.100165","article-title":"The effects of antecedents and mediating factors on cybersecurity protection behavior","volume":"5","year":"2022","journal-title":"Computers in Human Behavior Reports"},{"issue":"1","key":"key2025011616444655900_ref061","doi-asserted-by":"crossref","first-page":"71","DOI":"10.2307\/20650279","article-title":"Avoidance of information technology threats: a theoretical perspective","volume":"33","year":"2009","journal-title":"MIS Quarterly"},{"key":"key2025011616444655900_ref062","article-title":"Better managed than memorized? Studying the impact of managers on password strength and reuse","volume-title":"27th USENIX Security Symposium","year":"2018"},{"issue":"10","key":"key2025011616444655900_ref063","doi-asserted-by":"crossref","first-page":"15","DOI":"10.1016\/S1361-3723(17)30092-1","article-title":"Ransomware: the most popular form of attack","volume":"2017","year":"2017","journal-title":"Computer Fraud and Security"},{"key":"key2025011616444655900_ref064","first-page":"774","volume-title":"Application of Confirmatory Factor Analysis and Structural Equation Modeling in Sport and Exercise Psychology","year":"2007"},{"issue":"4","key":"key2025011616444655900_ref065","doi-asserted-by":"publisher","first-page":"1203","DOI":"10.1080\/07421222.2017.1394083","article-title":"User motivations in protecting information security: protection motivation theory versus self-determination theory","volume":"34","year":"2017","journal-title":"Journal of Management Information Systems"},{"issue":"6","key":"key2025011616444655900_ref066","doi-asserted-by":"publisher","first-page":"564","DOI":"10.1057\/s41303-017-0058-x","article-title":"Which phish get caught? An exploratory study of individuals\u2032 susceptibility to phishing","volume":"26","year":"2017","journal-title":"European Journal of Information Systems"},{"key":"key2025011616444655900_ref067","doi-asserted-by":"publisher","first-page":"113323","DOI":"10.1016\/j.dss.2020.113323","article-title":"Effectiveness of privacy assurance mechanisms in users' privacy protection on social networking sites from the perspective of protection motivation theory","volume":"135","year":"2020","journal-title":"Decision Support Systems"},{"key":"key2025011616444655900_ref068","doi-asserted-by":"publisher","first-page":"102724","DOI":"10.1016\/j.ijinfomgt.2023.102724","article-title":"A framework for cyber-risk insurance against ransomware: a mixed-method approach","volume":"74","year":"2024","journal-title":"International Journal of Information Management"},{"key":"key2025011616444655900_ref069","unstructured":"National Institute of Standards and Technology (2018), \u201cNIST framework for improving critical infrastructure cybersecurity\u201d, Retrieved 24 January, 2024, available at: www.nist.gov\/cyberframework\/framework"},{"key":"key2025011616444655900_ref070","article-title":"Information security management: Factors that influence security investments in SMES","volume-title":"11th Australian Information Security Management Conference","year":"2013"},{"issue":"3","key":"key2025011616444655900_ref071","doi-asserted-by":"publisher","first-page":"732","DOI":"10.1080\/07421222.2021.1962601","article-title":"Protecting against threats to information security: an attitudinal ambivalence perspective","volume":"38","year":"2021","journal-title":"Journal of Management Information Systems"},{"key":"key2025011616444655900_ref072","doi-asserted-by":"publisher","first-page":"102432","DOI":"10.1016\/j.ijinfomgt.2021.102432","article-title":"Going through the emotions of regret and fear: Revisiting protection motivation for identity theft protection","volume":"62","year":"2022","journal-title":"International Journal of Information Management"},{"key":"key2025011616444655900_ref073","doi-asserted-by":"publisher","first-page":"102960","DOI":"10.1016\/j.cose.2022.102960","article-title":"The valued coexistence of protection motivation and stewardship in information security behaviors","volume":"124","year":"2023","journal-title":"Computers and Security"},{"issue":"1","key":"key2025011616444655900_ref074","first-page":"87","article-title":"How treaties and technology have changed intellectual property law book reviews","volume":"16","year":"2016","journal-title":"Journal of International Business and Law"},{"key":"key2025011616444655900_ref075","article-title":"Managing security threats and vulnerabilities for small to medium enterprises","volume-title":"2007 IEEE Intelligence and Security Informatics","year":"2007"},{"issue":"4","key":"key2025011616444655900_ref076","doi-asserted-by":"crossref","first-page":"472","DOI":"10.1093\/comjnl\/bxx093","article-title":"Risk and the small-scale cyber security decision making dialogue\u2014a UK case study","volume":"61","year":"2018","journal-title":"The Computer Journal"},{"key":"key2025011616444655900_ref077","doi-asserted-by":"crossref","unstructured":"Paulsen, C. and Toth, P. (2016), \u201cSmall business information security: the fundamentals\u201d, available at: https:\/\/csrc.nist.rip\/publications\/detail\/nistir\/7621\/rev-1\/final","DOI":"10.6028\/NIST.IR.7621r1"},{"issue":"5","key":"key2025011616444655900_ref078","doi-asserted-by":"publisher","first-page":"879","DOI":"10.1037\/0021-9010.88.5.879","article-title":"Common method biases in behavioral research: a critical review of the literature and recommended remedies","volume":"88","year":"2003","journal-title":"Journal of Applied Psychology"},{"issue":"3","key":"key2025011616444655900_ref079","doi-asserted-by":"crossref","first-page":"490","DOI":"10.3390\/jcp2030025","article-title":"Work experience as a factor in cyber-security risk awareness: a survey study with university students","volume":"2","year":"2022","journal-title":"Journal of Cybersecurity and Privacy"},{"issue":"4","key":"key2025011616444655900_ref080","doi-asserted-by":"crossref","first-page":"179","DOI":"10.1080\/07421222.2015.1138374","article-title":"The impact of organizational commitment on insiders\u2019 motivation to protect organizational information assets","volume":"32","year":"2015","journal-title":"Journal of Management Information Systems"},{"issue":"1","key":"key2025011616444655900_ref081","doi-asserted-by":"crossref","first-page":"93","DOI":"10.1080\/00223980.1975.9915803","article-title":"A protection motivation theory of fear appeals and attitude change1","volume":"91","year":"1975","journal-title":"The Journal of Psychology"},{"key":"key2025011616444655900_ref082","first-page":"153","article-title":"Cognitive and psychological processes in fear appeals and attitude change: a revised theory of protection motivation","year":"1983","journal-title":"Social Psychophysiology: A Sourcebook"},{"key":"key2025011616444655900_ref083","volume-title":"Protection Motivation Theory","year":"1997"},{"key":"key2025011616444655900_ref084","unstructured":"RSM US LLP (2018), \u201cMiddle market businesses advance cybersecurity protections but might underestimate risk\u201d, available at: www.prnewswire.com\/news-releases\/middle-market-businesses-advance-cybersecurity-protections-but-might-underestimate-risk-rsm-survey-finds-300648315.html"},{"key":"key2025011616444655900_ref085","doi-asserted-by":"crossref","first-page":"144","DOI":"10.1016\/j.ijinfomgt.2019.04.011","article-title":"Stakeholder perceptions of information security policy: analyzing personal constructs","volume":"50","year":"2020","journal-title":"International Journal of Information Management"},{"issue":"2","key":"key2025011616444655900_ref086","doi-asserted-by":"crossref","first-page":"217","DOI":"10.1016\/j.im.2013.08.006","article-title":"Employees\u2019 adherence to information security policies: an exploratory field study","volume":"51","year":"2014","journal-title":"Information and Management"},{"key":"key2025011616444655900_ref087","unstructured":"Small Business Commissioner (2023), \u201cCybercrime losses doubled for small businesses\u201d, Retrieved January 17, 2024, available at: www.smallbusiness.nsw.gov.au\/news-podcasts\/news\/cybercrime-losses-doubled-small-businesses"},{"key":"key2025011616444655900_ref088","unstructured":"Small Business Digital Taskforce (2018), available at: www.industry.gov.au\/sites\/default\/files\/small_business_digital_taskforce_-_report_to_government.pdf?acsf_files_redirect"},{"key":"key2025011616444655900_ref089","article-title":"ISO\/IEC 27001:2022 information security, cybersecurity and privacy protection\u2014information security management systems \u2013 requirements","author":"Standards Australia Limited","year":"2022"},{"issue":"10","key":"key2025011616444655900_ref090","doi-asserted-by":"publisher","first-page":"2082","DOI":"10.1111\/risa.14092","article-title":"Cyber risk assessment in small and medium-sized enterprises: a multilevel decision-making approach for small e-tailors","volume":"43","year":"2023","journal-title":"Risk Analysis"},{"key":"key2025011616444655900_ref091","unstructured":"Szczesny, M. (2023), \u201cUnderstanding the impact of cyberattacks on small businesses\u201d, Security Magazine. Retrieved January 17, 2024, available at: www.securitymagazine.com\/articles\/99753-understanding-the-impact-of-cyberattacks-on-small-businesses"},{"key":"key2025011616444655900_ref092","doi-asserted-by":"publisher","first-page":"102385","DOI":"10.1016\/j.cose.2021.102385","article-title":"The good, the bad and the missing: a narrative review of cyber-security implications for Australian small businesses","volume":"109","year":"2021","journal-title":"Computers and Security"},{"issue":"4","key":"key2025011616444655900_ref093","doi-asserted-by":"crossref","first-page":"561","DOI":"10.2307\/249633","article-title":"Assessing IT usage: the role of prior experience","volume":"19","year":"1995","journal-title":"MIS Quarterly"},{"key":"key2025011616444655900_ref094","doi-asserted-by":"publisher","first-page":"376","DOI":"10.1016\/j.cose.2017.07.003","article-title":"Security begins at home\u201d: determinants of home computer and mobile device security behavior","volume":"70","year":"2017","journal-title":"Computers and Security"},{"key":"key2025011616444655900_ref095","doi-asserted-by":"publisher","first-page":"68","DOI":"10.1016\/j.cose.2018.08.007","article-title":"The impact of security awareness on information technology professionals\u2019 behavior","volume":"79","year":"2018","journal-title":"Computers and Security"},{"key":"key2025011616444655900_ref096","doi-asserted-by":"crossref","first-page":"138","DOI":"10.1016\/j.cose.2016.02.009","article-title":"Understanding online safety behaviors: a protection motivation theory perspective","volume":"59","year":"2016","journal-title":"Computers and Security"},{"issue":"4","key":"key2025011616444655900_ref097","doi-asserted-by":"crossref","first-page":"267","DOI":"10.1016\/0148-2963(89)90008-8","article-title":"Protection motivation theory: an extension of fear appeals theory in communication","volume":"19","year":"1989","journal-title":"Journal of Business Research"},{"issue":"2","key":"key2025011616444655900_ref098","doi-asserted-by":"crossref","first-page":"186","DOI":"10.1287\/mnsc.46.2.186.11926","article-title":"A theoretical extension of the technology acceptance model: four longitudinal field studies","volume":"46","year":"2000","journal-title":"Management Science"},{"issue":"3","key":"key2025011616444655900_ref099","doi-asserted-by":"crossref","first-page":"425","DOI":"10.2307\/30036540","article-title":"User acceptance of information technology: toward a unified view","volume":"27","year":"2003","journal-title":"MIS Quarterly"},{"key":"key2025011616444655900_ref100","unstructured":"Verizon (2023), \u201c2023 Data breach investigations report\u201d, available at: www.verizon.com\/business\/resources\/reports\/dbir\/"},{"key":"key2025011616444655900_ref101","doi-asserted-by":"publisher","first-page":"860","DOI":"10.1016\/j.cose.2018.03.008","article-title":"Understanding smartphone security behaviors: an extension of the protection motivation theory with anticipated regret","volume":"77","year":"2018","journal-title":"Computers and Security"},{"key":"key2025011616444655900_ref102","doi-asserted-by":"publisher","first-page":"102309","DOI":"10.1016\/j.cose.2021.102309","article-title":"Redefining threat appraisals of organizational insiders and exploring the moderating role of fear in cyberattack protection motivation","volume":"106","year":"2021","journal-title":"Computers and Security"},{"key":"key2025011616444655900_ref103","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1016\/j.dss.2016.09.013","article-title":"Continuance of protective security behavior: a longitudinal study","volume":"92","year":"2016","journal-title":"Decision Support Systems"},{"issue":"1","key":"key2025011616444655900_ref104","article-title":"Predicting susceptibility to cyber-fraud victimhood","volume":"26","year":"2019","journal-title":"Journal of Financial Crime"},{"key":"key2025011616444655900_ref105","article-title":"Small business\u2014a cyber resilience vulnerability","volume-title":"1st International Cyber Resilience Conference","year":"2010"},{"issue":"5","key":"key2025011616444655900_ref106","doi-asserted-by":"crossref","first-page":"463","DOI":"10.1108\/09685220810920549","article-title":"A test of interventions for security threats from social engineering","volume":"16","year":"2008","journal-title":"Information Management and Computer Security"},{"key":"key2025011616444655900_ref107","unstructured":"World Economic Forum (2022), \u201cThe global risks report W. E. Forum\u201d, available at: www3.weforum.org\/docs\/WEF_The_Global_Risks_Report_2022.pdf"},{"key":"key2025011616444655900_ref108","doi-asserted-by":"publisher","first-page":"106229","DOI":"10.1016\/j.chb.2019.106229","article-title":"Empirical study of knowledge withholding in cyberspace: integrating protection motivation theory and theory of reasoned behavior","volume":"105","year":"2020","journal-title":"Computers in Human Behavior"},{"issue":"3\/4","key":"key2025011616444655900_ref109","first-page":"180","article-title":"Am I really at risk? Determinants of online users' intentions to use strong passwords","volume":"8","year":"2009","journal-title":"Journal of Internet Commerce"},{"key":"key2025011616444655900_ref110","first-page":"1695","article-title":"Human factors in cybersecurity: issues and challenges in big data","year":"2021","journal-title":"Research Anthology on Privatizing and Securing Data"},{"key":"key2025011616444655900_ref111","article-title":"Analyzing the perceived severity of cybersecurity threats reported on social media","year":"2019"}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-10-2023-0176\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-10-2023-0176\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:23:16Z","timestamp":1753406596000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/33\/1\/49-76\/1239978"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,4,17]]},"references-count":111,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2024,4,17]]},"published-print":{"date-parts":[[2025,1,20]]}},"alternative-id":["10.1108\/ICS-10-2023-0176"],"URL":"https:\/\/doi.org\/10.1108\/ics-10-2023-0176","relation":{},"ISSN":["2056-4961","2056-497X"],"issn-type":[{"value":"2056-4961","type":"print"},{"value":"2056-497X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,4,17]]}}}