Do Security Fear Appeals Work When They Interrupt Tasks? A Multi-Method Examination of Password Strength

Abstract

Weak passwords are one of the most pervasive threats in cybersecurity. Facing this threat, users require guidance on how to protect themselves. A method frequently used by IS practitioners and researchers to provide this guidance is fear appeals, persuasive messages intended to prompt behavioral changes in response to a threat. However, previous research has not considered a key element of fear appeal effectiveness: task primacy. When fear appeals are a part of the primary or focal task, users’ cognitive engagement will be high by default. However, when fear appeals are delivered as secondary tasks, such as interruptive security messages, users’ engagement is likely to be low because the primary task takes priority in attentional and cognitive resources. In such cases, a remedy is needed to elicit engagement with the fear appeal.

In this research note, we theorize that cognitive engagement acts as a contextual moderator that is critical to the effectiveness of fear appeals under the boundary condition of task primacy. Further, we theorize that interactivity, a mechanism that adapts message content through tailored real-time feedback in response to a user’s actions, is a key remedy to enhance engagement with fear appeals. However, to date fear appeals have largely been tested in noninteractive primary tasks, and no study has provided a theoretical explanation for why interactivity enhances the power of a fear appeal.