EFFECTIVENESS OF ABSTRACT VERSUS CONCRETE FEAR APPEALS IN INFORMATION SECURITY
In a forthcoming paper in the Journal of Management Information Systems, my team examines how the design of security messages impacts their effectiveness. To encourage individuals to engage in and learn about secure behaviors, we examine fear appeals, which are short messages that communicate threats and efficacy to elicit protection motivation among recipients. Information Security (ISec) research has reported contradictory findings on what makes fear appeals effective in ISec contexts, and this lack of clarity is problematic, because it may lead to incorrect conclusions. For example, some studies have argued that the mixed findings arise from differences between personal and organizational contexts and that fear appeals do not work well among organizational users. However, this argument has not been empirically tested, and differences in message design provide an equally plausible explanation, which has also not been tested. To reconcile the mixed findings across these studies, we test the effects of context (i.e., personal users vs. organizational users) and degree of message abstractness (i.e., abstract vs. concrete) on fear-appeal outcomes. We draw from construal-level theory to conceptualize the differences between abstract and concrete fear appeals. Across three experiments, we find evidence that concrete fear appeals are more effective than abstract fear appeals for the purpose of stimulating fear-appeal outcomes. Furthermore, by comparing two identical experiments—one conducted with personal users and another conducted with organizational users—we find differences in participants’ responses to fear appeals. However, contrary to our expectations, our findings suggest that organizational users report higher levels of fear and protection motivation than personal users. This finding is not a theoretical contradiction: the theoretical crux of an effective fear appeal is that it must be personally relevant to stimulate fear; correspondingly, we show that concrete fear appeals help stimulate fear and the desired protective response. Moreover, concrete fear appeals increase actual compliance behaviors, not just intentions. Thus, our findings suggest that the mixed findings in the literature may be a product of message abstractness and differences among audiences. This has pivotal implications for how to construct fear appeals in research and practice.
This paper is co-authored with Sebastian W. Schuetz (Florida International University), Paul Benjamin Lowry (Virginia Tech), and Daniel A. Pienta (Baylor University).
Recommended Citation: Schuetz, S., Lowry, P.B., Pienta, D., and Thatcher J.B. (Forthcoming). “On the design of information security messages: The effects of temporal distance and argument nature.” Journal of MIS.