On the diffusion of security behaviours

Security behaviour has been researched from a variety of theoretical lenses, however a clear picture on the factors that foster secure behaviour is still missing. This contribution uses the diffusion of innovations theory and applies it to four exemplary security behaviours to identify how it can explain the uptake of each behaviour. In contrast to many other approaches, it focuses on the behaviour itself, not the behaving individual. We are able to show differences in the uptake of idealized security behaviours. A perceived relative advantage positively impacts the uptake of a behaviour, however this advantage seems rarely to be motivated by a perceived risk. Risk only seems to play a minor role for the diffusion of security behaviours. Additionally, the relative advantage does not seem to be a necessity for the diffusion of a behaviour. If the other properties namely compatibility, triability, observability, and low complexity of a behaviour are adequately fulfilled a successful diffusion is still possible.