Heeding the messenger: The influence of sender characteristics on security message compliance intentions

Abstract

How security messages can be used to motivate information technology (IT) users’ security behaviour has been of keen interest to IS research. To that end, studies have focused on the content of security messages; however, few studies have examined the influence of message senders. In this paper, we build on social influence theory and integrate it with the concept of inferences of manipulative intent (IMI) to develop a model that examines how perceptions of sender characteristics—cybersecurity expertise, coercive power, and similarity—can yield positive and negative influence on message outcomes, captured in recipients’ message compliance intentions. We test our model in four different studies using field and scenario experiments across three target populations: the general public, students, and employees. Perceived expertise, power, and similarity had similar effects among the general public and students: Perceived expertise was positively associated with message outcomes, but perceived power and similarity were negatively associated. In contrast, employees reacted differently from the general public and students in that they responded positively to perceived power, with perceived expertise and similarity having negligible effects. Across these three target populations, we found that participants reacted to senders high in perceived power and similarity with IMI, which reduced their message compliance intentions. Our results suggest that senders must be chosen carefully, depending on the target population, because selecting the wrong sender can increase the likelihood of a message being rejected.