EXTENDING PROTECTION MOTIVATION THEORY FOR ORGANIZATIONAL CYBERSECURITY BEHAVIOR: A SYSTEMATIC LITERATURE REVIEW

Susyanto Susyanto; Rita Yuni Mulyanti; Nova Rini

doi:10.22437/jiituj.v10i2.54776

Authors

Susyanto Susyanto Universitas Teknologi Muhammadiyah Jakarta https://orcid.org/0009-0009-9540-4246
Rita Yuni Mulyanti Universitas Teknologi Muhammadiyah Jakarta https://orcid.org/0000-0002-4889-5339
Nova Rini Universitas Teknologi Muhammadiyah Jakarta https://orcid.org/0000-0002-9251-9648

DOI:

https://doi.org/10.22437/jiituj.v10i2.54776

Keywords:

Cybersecurity Awareness, Cybersecurity Behavior, Protection Motivation Theory, Self-Efficacy, Systematic Literature Review

Abstract

This study systematically synthesizes and critically evaluates the application of Protection Motivation Theory (PMT) in explaining organizational cybersecurity behavior, addressing conceptual fragmentation in prior research through the integration of protection habit and cybersecurity awareness into an extended PMT framework. A Systematic Literature Review (SLR) was conducted in accordance with PRISMA 2020 guidelines, drawing on peer-reviewed studies published between 2015 and 2025 retrieved from Scopus-indexed and major academic databases using structured Boolean search strategies. Following duplicate removal, screening, and full-text eligibility assessment, 35 studies were included and analyzed through thematic and narrative interpretative synthesis. The findings indicate that coping appraisal particularly self-efficacy consistently exerts a stronger influence on cybersecurity behavior than threat appraisal. However, sustainable compliance is reinforced by protection habits and cognitively mediated by cybersecurity awareness, suggesting that PMT functions as a dynamic motivational system rather than a static cognitive model. The study contributes theoretically by reconceptualizing protection habit as a behavioral reinforcement mechanism and cybersecurity awareness as a translational mediator within the PMT structure, thereby proposing an integrative behavioral-system model to enhance theoretical coherence and contextual applicability in organizational cybersecurity research.

Downloads

Download data is not yet available.

Author Biographies

Susyanto Susyanto, Universitas Teknologi Muhammadiyah Jakarta

Muhammadiyah University of Technology Jakarta, Jakarta, Indonesia

Rita Yuni Mulyanti, Universitas Teknologi Muhammadiyah Jakarta

Muhammadiyah University of Technology Jakarta, Jakarta, Indonesia

Nova Rini, Universitas Teknologi Muhammadiyah Jakarta

Muhammadiyah University of Technology Jakarta, Jakarta, Indonesia

References

Abu-Taieh, E. M., AlHadid, I., Abu-Tayeh, S., Masa’deh, R., Alkhawaldeh, R. S., Khwaldeh, S., & Alrowwad, A. (2022). Continued intention to use of m-banking in jordan by integrating utaut, tpb, tam and service quality with ml. Journal of Open Innovation: Technology, Market, and Complexity, 8(3), 120. https://doi.org/10.3390/joitmc8030120.

Alrawhani, E. M., Romli, A. B., Al-Sharafi, M. A., & Alkawsi, G. (2025). Integrating information security culture and protection motivation to enhance compliance with information security policies in banking: evidence from PLS-SEM and fsQCA. International Journal of Human–Computer Interaction, 1–22.

Alshammari, A., Benson, V., & Batista, L. (2024a). The influences of employees’ emotions on their cyber security protection motivation behaviour: a theoretical framework. International Conference on Enterprise Information Systems, ICEIS - Proceedings, 2(Iceis), 524–531. https://doi.org/10.5220/0012681600003690.

Akib, A. A. P. M., Candiwan, C., & Ramadhani, D. P. (2025). Cybersecurity compliance and other factors influencing employee protective behavior: A case study of Bank X in Indonesia. International Journal of Safety & Security Engineering, 15(6). https://doi.org/10.18280/ijsse.150613.

Ansong, S., Rankothge, W., Sadeghi, S., Mohammadian, H., Rashid, F. Bin, & Ghorbani, A. (2025). Computers & Security Role of cybersecurity for a secure global communication eco-system : A comprehensive cyber risk assessment for satellite communications. Computers & Security, 149(July 2024), 104156. https://doi.org/10.1016/j.cose.2024.104156.

Baltuttis, D., Teubner, T., & Adam, M. T. P. (2024). A typology of cybersecurity behavior among knowledge workers. Computers & Security, 140(August 2023), 103741. https://doi.org/10.1016/j.cose.2024.103741.

Bigsby, E., & Albarracín, D. (2022). Self and response efficacy information in fear appeals: A Meta-Analysis. Journal of Communication, 72(2), 241–263. https://doi.org/10.1093/joc/jqab048.

Carter, T., & Mcnealey, R. L. (2025). Protection motivation and cybersecurity intentions : a visual conjoint experiment.

Crossler, R., Tech, V., & Crossler, R. (2015). An Extended Perspective on Individual Security Behaviors : Protection Motivation Theory and a Unified Security Practices ( USP ) Instrument An Extended Perspective on Individual Security Behaviors : Protection Motivation Theory and a Unified Security Prac. (November).

Davis, J. M., Agrawal, D., & Austin, R. (2024). Fostering security-related citizenship through the employee-supervisor relationship : An examination of supervisor security embodiment. Computers & Security, 142(October 2023), 103896. https://doi.org/10.1016/j.cose.2024.103896.

Debb, D., & McClellan, P. (2021). Application of PMT in cybersecurity risk management. Journal of Cybersecurity Management, 34(2), 45–59. https://doi.org/10.1016/j.jcyb.2021.106539.

Debb, D., & McClellan, P. (2021). Evaluating cybersecurity behaviors through PMT. International Journal of Cybersecurity and Digital Forensics, 7(3), 101–115. https://doi.org/10.1016/j.ijcdf.2021.106529.

Debb, S. M., & Mcclellan, M. K. (2021). Perceived vulnerability as a determinant of increased risk for cybersecurity risk behavior. Cyberpsychology, Behavior, and Social Networking, 24(9), 605–611. https://doi.org/10.1089/cyber.2021.0043.

Farooq, A., Laato, S., & Najmul Islam, A. K. M. (2020). Impact of online information on self-isolation intention during the COVID-19 Pandemic: Cross-Sectional study. Journal of Medical Internet Research, 22(5), 1–15. https://doi.org/10.2196/19128.

Fissel, E., & Lee, J. (2023). The cybercrime illusion: Examining the impact of cybercrime misbeliefs on perceptions of cybercrime seriousness. Journal of Criminology, 56, 263380762311746. https://doi.org/10.1177/26338076231174639.

Ghelani, D., Hua, T. K., & Koduru, S. K. R. (2022). Cyber security threats, vulnerabilities, and security solutions models in banking. Authorea Preprints.

Hoong, Y., & Rezania, D. (2024). Navigating Cybersecurity Governance : The influence of opportunity structures in socio-technical transitions for small and medium enterprises. Computers & Security, 142(April), 103852. https://doi.org/10.1016/j.cose.2024.103852.

Jamil, H., Zia, T., Nayeem, T., & Whitty, M. T. (2024). Human-centric cyber security: Applying protection motivation theory to analyse micro business owners’ security behaviours. Computers & Security, 64(2), 45–62.

Kiran, U., Khan, N. F., Murtaza, H., Farooq, A., & Pirkkalainen, H. (2025a). Explanatory and predictive modeling of cybersecurity behaviors using protection motivation theory. Computers and Security, 149(July 2024), 104204. https://doi.org/10.1016/j.cose.2024.104204.

Kuraku, D. S., Kalla, D., Smith, N., & Samaah, F. (2023). Exploring how user behavior shapes cybersecurity awareness in the face of phishing attacks. International Journal of Computer Trends and Technology. 71(11), 74–79.

Lee, Y. I., & Lee, P. R. (2023). Cybersecurity behavior: Engaging and maintaining secure habits. International Journal of Technology, 14(2), 125–139. https://doi.org/10.1108/IJT-01-2022-0034.

Li, L., Xu, L., & He, W. (2022). The effects of antecedents and mediating factors on cybersecurity protection behavior. Computers in Human Behavior Reports, 5(July 2021). https://doi.org/10.1016/j.chbr.2021.100165.

Lusandri, C., Marlina, N., Redemptus, M., & Nitu, N. (2025). The gap between cybersecurity experience and behavior: A case study of digital native students at the university of Papua. Amkop Management Accounting Review (AMAR) 5(2), 1638–1656. https://doi.org/10.37531/amar.v5i2.3464.

Musbah, K., & Titi, E. (2025). Comprehensive analysis of cybersecurity awareness among students’ universities. International Journal of Innovative Technology and Exploring Engineering (IJITEE). 3075(5), 6–14. https://doi.org/10.35940/ijitee.E4613.14050425.

Oakley, M., Himmelweit, S. M., Leinster, P., & Casado, M. R. (2020). Protection motivation theory: A proposed theoretical extension and moving beyond rationality-the case of flooding. Water (Switzerland), 12(7), 1–14. https://doi.org/10.3390/W12071848.

Pan, J., Teng, Y., & Wu, K. (2025). Psychological Aspects of Security Awareness on Facial Recognition Services Adoption in Hotels : A Protection Motivation Theory Approach. (151), 1–20. https://doi.org/10.1177/21582440251370440.

Policy, S., & Behavior, P. (2024). Information (Cyber) Security Policy (ISP/CSP), Theory of Planed Behavior (TPB), Self-Efficacy (SEC), Normative Belief (NB), Attitude (ATT), Information (Cyber) Security Awareness(ISA/CSA), Intention to Comply(ITC) 1. 1–24.

Prasetyo, A., Aji, R. F., & Wibowo, W. S. (2025). Assessing information security awareness among indonesian government employees: A case study of the meteorology, climatology, and geophysics agency. Journal of Information Systems Engineering & Business Intelligence, 11(2). http://doi.org/10.20473/jisebi.11.2.126-142.

Qalby, H., Hariyanto, G. Y., Utomo, D. T., & Kartono Rahim, R. (2025). The influence of cybersecurity protection behavior: employees of big four account firm companies. Jurnal Impresi Indonesia, 4(5), 1780–1798. https://doi.org/10.58344/jii.v4i5.6684.

Singo, S., & Ludonga, A. (2025). Cyber Risk Management: A Frameworks, Strategies, and Case Studies in Cybersecurity. Cyber Risk Management: A Frameworks, Strategies, and Case Studies in Cybersecurity (October 24, 2025).

Sommestad, T., & Hallberg, J. (2015). A Meta-Analysis of Studies on Protection Motivation Theory and Information Security Behaviour. 9(March), 26–46. https://doi.org/10.4018/IJISP.2015010102.

Sulaiman, N. S., Fauzi, M. A., & Hussain, S. (2022). The role of self-efficacy in cybersecurity decision-making. Computers in Human Behavior, 127, 106996. https://doi.org/10.1016/j.chb.2022.106996.

Sulaiman, N. S., Fauzi, M. A., Hussain, S., & Wider, W. (2022). Cybersecurity behavior among government employees: The role of protection motivation theory and responsibility in mitigating cyberattacks. Information, 13(9), 413. https://www.mdpi.com/2078-2489/13/9/413.

Van Devender, M., & McDonald, J. T. (2023). A Quantitative Risk Assessment Framework for the Cybersecurity of Networked Medical Devices. International Conference on Cyber Warfare and Security, 18(1), 402–411. https://doi.org/10.34190/iccws.18.1.986.

Vortia, W. (2025). Modelling cybersecurity awareness , perceived threats and secure online behavioral intentions among Ghanaian university students : A PLS-SEM Approach. 14(02), 96–111.

Waliullah, M., George, M. Z. H., Hasan, M. T., Alam, M. K., Munira, M. S. K., & Siddiqui, N. A. (2025). Assessing the influence of cybersecurity threats and risks on the adoption and growth of digital banking: A systematic literature review. arXiv preprint arXiv:2503.22710.. https://doi.org/10.63125/fh49gz18.

Willie, M. M. (2023). The Role of Organizational Culture in Cybersecurity : Building a Security-First Culture. 2(4), 179–198.

Yuliana, P. D., & Aprianingsih, A. (2022). Factors involved in adopting mobile banking for Sharia Banking Sector using UTAUT 2. Jurnal Keuangan Dan Perbankan, 26(1), 184–207. https://doi.org/10.26905/jkdp.v26i1.6858.

Zwilling, M., Klien, G., Lesjak, D., Wiechetek, Ł., Cetin, F., & Basim, H. N. (2022). Cyber Security Awareness, Knowledge and Behavior: A Comparative Study. Journal of Computer Information Systems, 62(1), 82–97. https://doi.org/10.1080/08874417.2020.1712269.