“Security begins at home”: Determinants of home computer and mobile device security behavior

Personal computing users are vulnerable to information security threats, as they must independently make decisions about how to protect themselves, often with little understanding of technology or its implications. However, personal computing users are under-represented in security research studies, especially for mobile device use. The study described in this paper addresses this research gap by evaluating data from 629 home computer and mobile device users to improve understanding of security behavior in both contexts. The research model extends protection motivation theory by including the roles of social influences and psychological ownership, and by including actual behavior. The model was separately tested with home computer users and mobile device users and data reveals that some of the determinants of security behavior differ between home computer and mobile device use. The results show that perceived vulnerability, self-efficacy, response cost, descriptive norm and psychological ownership all influenced personal computing security intentions and behavior for both home computer users and mobile device users. However, perceived severity was only found to play a role in mobile device security behavior and neither response efficacy nor subjective norm influenced security intentions for either type of user. These findings are discussed in terms of their practical and research implications as well as generating new research opportunities into personal computing security.