Empirical assessment of mobile device users' information security behavior towards data breach Leveraging protection motivation theory

Purpose - The purpose of this paper is to investigate the information security behavior of mobile device users in the context of data breach. Much of the previous research done in user information security behavior have been in broad contexts, therefore creating needs of research that focuses on specific emerging technologies and trends such as mobile technology. Design/methodology/approach - This study was an empirical study that gathered survey data from 390 mobile users. Delphi study and pilot study were conducted prior to the main survey study. Partial Least Square Structural Equation Modeling was used to analyze the survey data after conducting pre-analysis data screening. Findings - This study shows that information security training programs must be designed by practitioners to target the mobile self-efficacy (MSE) of device users. It also reveals that practitioners must design mobile device management systems along with processes and procedures that guides users to take practical steps at protecting their devices. This study shows the high impact of MSE on users' protection motivation (PM) to protect their mobile devices. Additionally, this study reveals that the PM of users influences their usage of mobile device security. Originality/value - This study makes theoretical contributions to the existing information security literature. It confirms PM theory's power to predict user behavior within the context of mobile device security usage. Additionally, this study investigates mobile users' actual security usage. Thus, it goes beyond users' intention.