This study examines changes in cyber hygiene using protection motivation theory. It considers how individual traits—self-control, technical skill, and thoughtfully reflective decision-making (TRDM)—shape intentions to improve cybersecurity. We randomly assigned Participants to one of four identity-theft messages: statistical, authoritative, narrative, or combined. Cyber hygiene was measured before and after exposure. Message style had no differential effect, but all messages raised intentions. Coping appraisals and fear significantly predicted cyber hygiene intentions, though vulnerability did not. A mixed effects model indicated 61% of the variance was attributed to person-level factors (the R² from fixed and random effects), highlighting the need for tailored interventions to enhance cybersecurity behaviors. Findings support PMT-based interventions and suggest tailoring message style to individual traits may improve effectiveness.
AbrahamC. S.SheeranP.AbramsD.SpearsR. (1994). Exploring teenagers’ adaptive and maladaptive thinking about the threat of HIV infection. Psychology & Health, 9, 253–272.
2.
AllenM.PoggialiD.WhitakerK.MarshallT. R.van LangenJ.KievitR. A. (2021). Raincloud plots: A multi-platform tool for robust data visualization. Wellcome Open Research, 4, 63.
3.
AndersonC. L.AgarwalR. (2010). Practicing safe computing: A multimethod empirical examination of home computer user security behavioral intentions. MIS Quarterly, 34, 613–643.
4.
BossS. R.GallettaD. F.LowryP. B.MoodyG. D.PolakP. (2015). What do systems users have to fear? Using fear appeals to engender threats and fear that motivate protective security behaviors. MIS Quarterly, 39(4), 837–864.
5.
BosslerA. M.HoltT. J. (2009). On-line activities, guardianship, and malware infection: An examination of routine activities theory. International Journal of Cyber Criminology, 3(1), 400–420.
6.
BosslerA. M.HoltT. J. (2010). The effect of self-control on victimization in the cyberworld. Journal of Criminal Justice, 38, 227–236.
7.
BrouwersM. C.SorrentinoR. M. (1993). Uncertainty orientation and protection motivation theory: The role of individual differences in health compliance. Journal of Personality and Social Psychology, 65, 102–112.
8.
BurrussG. W.JaynesC. M.MouleR. K.Jr.FairchildR. E. (2021). Modeling individual defiance of COVID-19 pandemic mitigation strategies: Insights from the expanded model of deterrence and protection motivation theory. Criminal Justice and Behavior, 48, 1317–1338.
9.
CaineA. A.EdwardsM. E.StillJ. D. (2018). An exploratory study of cyber hygiene. Journal of Information Security and Applications, 42, 36–45.
10.
ChoiK. S. (2008). Computer crime victimization and integrated theory: An empirical assessment. International Journal of Cyber Criminology, 2(1), 308–333.
Dang-PhamD.PittayachawanS. (2015). Comparing intention to avoid malware across contexts in a BYOD-enabled Australian university: A Protection Motivation Theory approach. Computers & Security, 48, 281–297.
13.
De WitJ. B.DasE.VetR. (2008). What works best: Objective statistics or a personal testimonial? An assessment of the persuasive effects of different types of message evidence on risk perception. Health Psychology, 27(1), 110.
14.
DillardJ. P.NabiR. L. (2006). The persuasive influence of emotion in cancer prevention and detection messages. Journal of Communication, 56(suppl_1), S123–S139.
15.
DodgeC. E.FiskN.BurrussG. W.Moule JrR. K.JaynesC. M. (2023). What motivates users to adopt cybersecurity practices? A survey experiment assessing protection motivation theory. Criminology & Public Policy, 22, 849–868.
16.
DupontB.HoltT. (2022). The human factor of cybercrime. Social Science Computer Review, 40, 860–864.
FloydD. L.Prentice-DunnS.RogersR. W. (2000). A meta-analysis of research on protection motivation theory. Journal of Applied Social Psychology, 30(2), 407–429.
19.
FreimuthV. S.SteinJ. A.KeanT. J. (1989). Searching for health information: The cancer information service model. University of Pennsylvania Press.
20.
GottfredsonM. R.HirschiT. (1990). A general theory of crime. Stanford University Press.
21.
GuedesI.MartinsM.CardosoC. S. (2023). Exploring the determinants of victimization and fear of online identity theft: An empirical study. Security Journal, 36, 472–497.
22.
HoltT. J.BosslerA. M. (2013). Examining the relationship between routine activities and malware infection indicators. Journal of Contemporary Criminal Justice, 29(4), 420–436.
23.
HoltT. J.BosslerA. M.MalinskiR.MayD. C. (2016). Identifying predictors of unwanted online sexual conversations among youth using a low self-control and routine activity framework. Journal of Contemporary Criminal Justice, 32, 108–128.
24.
HoltfreterK.ReisigM. D.PrattT. C.HoltfreterR. E. (2015). Risky remote purchasing and identity theft victimization among older Internet users. Psychology, Crime & Law, 21, 681–698.
25.
HoonakkerP.BornoeN.CarayonP. (2009). Password authentication from a human factors perspective: Results of a survey among end-users. Proceedings of the Human Factors and Ergonomics Society Annual Meeting, 53(6), 459–463.
26.
HooperV.BluntC. (2020). Factors influencing the information security behaviour of IT employees. Behaviour & Information Technology, 39(8), 862–874.
27.
HowellC. J. (2021). Self-protection in cyberspace: Assessing the processual relationship between thoughtfully reflective decision-making, protection motivation theory, cyber hygiene, and victimization. University of South Florida.
28.
HuY.Shyam SundarS. (2010). Effects of online health sources on credibility and behavioral intentions. Communication Research, 37(1), 105–132.
29.
IfinedoP. (2012). Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory. Computers & Security, 31(1), 83–95.
30.
KamarE.HowellC. J.MaimonD.BerenblumT. (2023). The moderating role of thoughtfully reflective decision-making on the relationship between information security messages and smishing victimization: An experiment. Justice Quarterly, 40, 837–858.
31.
KennisonS.Chan-TinE. (2020). Taking risks with cybersecurity: Using knowledge and personal characteristics to predict self-reported cybersecurity behaviors. Frontiers in Psychology, 11, Article 546546. https://doi.org/10.3389/fpsyg.2020.546546
32.
KlasnjaP.ConsolvoS.JungJ.GreensteinB. M.LeGrandL.PowledgeP.WetherallD. (2009, April4–9). “When I am on Wi-Fi, I am fearless”: Privacy concerns and practices in everyday Wi-Fi use [Conference session]. SIGCHI Conference on Human Factors in Computing Systems, Boston, MA, United States (pp. 1993–2002).
33.
LeeC.ChuaY. (2023). The role of cybersecurity knowledge and awareness in cybersecurity intention and behavior in the United States. Crime & Delinquency, 70, 2250–2277. https://doi.org/10.1177/00111287231180093
34.
LouderbackE. R.AntonaccioO. (2017). Exploring cognitive decision-making processes, computer-focused cyber deviance involvement and victimization: The role of thoughtfully reflective decision-making. Journal of Research in Crime and Delinquency, 54, 639–679.
35.
LwinM. O.LiB.AngR. P. (2012). Stop bugging me: An examination of adolescents’ protection behavior against online harassment. Journal of Adolescence, 35(1), 31–41.
36.
MadduxJ. E.RogersR. W. (1983). Protection motivation and self-efficacy: A revised theory of fear appeals and attitude change. Journal of Experimental Social Psychology, 19, 469–479.
37.
MaimonD.AntonaccioO.FrenchM. T. (2012). Severe sanctions, easy choice? Investigating the role of school sanctions in preventing adolescent violent offending. Criminology, 50, 495–524.
38.
McMathB. F.Prentice-DunnS. (2005). Protection motivation theory and skin cancer risk: The role of individual differences in responses to persuasive appeals. Journal of Applied Social Psychology, 35, 621–643.
39.
MenardP.BottG. J.CrosslerR. E. (2017). User motivations in protecting information security: Protection motivation theory versus self-determination theory. Journal of Management Information Systems, 34(4), 1203–1230.
40.
NeigelA. R.ClaypooleV. L.WaldfogleG. E.AcharyaS.HancockG. M. (2020). Holistic cyber hygiene education: Accounting for the human factors. Computers & Security, 92, Article 101731.
41.
PartinR. D.MeldrumR. C.LehmannP. S.BackS.TruccoE. M. (2022). Low self-control and cybercrime victimization: An examination of indirect effects through risky online behavior. Crime & Delinquency, 68, 2476–2502.
42.
PaternosterR.PogarskyG. (2009). Rational choice, agency, and thoughtfully reflective decision making: The short and long-term consequences of making good choices. Journal of Quantitative Criminology, 25, 103–127.
43.
PaternosterR.PogarskyG.ZimmermanG. (2011). Thoughtfully reflective decision making and the accumulation of capital: Bringing choice back in. Journal of Quantitative Criminology, 27, 1–26.
44.
PrattT. C.TuranovicJ. J.FoxK. A.WrightK. A. (2014). Self-control and victimization: A meta-analysis. Criminology, 52, 87–116.
45.
RenaudK.DupuisM. (2019, September23–26). Cyber security fear appeals: Unexpectedly complicated [Conference session]. In Proceedings of the New Security Paradigms Workshop (NSPW ’19), San Carlos, Costa Rica (pp. 42–56). Association for Computing Machinery.
46.
ReynsB. W.FisherB. S.RandaR. (2018). Explaining cyberstalking victimization against college women using a multitheoretical approach: Self-control, opportunity, and control balance. Crime & Delinquency, 64, 1742–1764.
47.
RogersR. W. (1975). A protection motivation theory of fear appeals and attitude change. Journal of Psychology, 91, 93–114.
48.
RogersR. W. (1983). Cognitive and psychological processes in fear appeals and attitude change: A revised theory of protection motivation. In CacioppoJ. T.PettyR. E. (Eds.), Social psychophysiology: A sourcebook (pp. 153–176). Guilford Press.
49.
SankararamanG.SureshS.KumarM. N. (2021). A study on users’ opinion on cyber security. International Journal on Global Business Management & Research, 10(2), 61–68.
SchreckC. J. (1999). Criminal victimization and low self-control: An extension and test of a general theory of crime. Justice Quarterly, 16(3), 633–654.
52.
ShenL. (2010). On a scale of state empathy during message processing. Western Journal of Communication, 74(5), 504–524.
53.
SommestadT.KarlzénH.HallbergJ. (2015). A meta-analysis of studies on protection motivation theory and information security behaviour. International Journal of Information Security and Privacy (IJISP), 9(1), 26–46.
54.
StataCorp. (2025). Stata Statistical Software: Release 19. StataCorp LLC.
55.
TuranovicJ. J.PrattT. C. (2014). “Can’t stop, won’t stop”: Self-control, risky lifestyles, and repeat victimization. Journal of Quantitative Criminology, 30, 29–56.
56.
Van BavelR.Rodríguez-PriegoN.VilaJ.BriggsP. (2019). Using protection motivation theory in the design of nudges to improve online security behavior. International Journal of Human-Computer Studies, 123, 29–39.
57.
Van WilsemJ. (2011). Worlds tied together? Online and non-domestic routine activities and their impact on digital and traditional threat victimization. European Journal of Criminology, 8, 115–127.
58.
WallJ. D.WarkentinM. (2019). Perceived argument quality’s effect on threat and coping appraisals in fear appeals: An experiment and exploration of realism check heuristics. Information & Management, 56(8), Article 103157.
59.
WeinsteinN. D. (1989). Optimistic biases about personal risks. Science, 246(4935), 1232–1233.
60.
WebbT. L.SheeranP. (2006). Does changing behavioral intentions engender behavior change? A meta-analysis of the experimental evidence. Psychological Bulletin, 132(2), 249.
61.
ZebregsS.van den PutteB.NeijensP.de GraafA. (2015). The differential impact of statistical and narrative evidence on beliefs, attitude, and intention: A meta-analysis. Health Communication, 30(3), 282–289.
