Investigating the effect of security and privacy on IoT device purchase behaviour

(1)

Investigating the effect of security and privacy on IoT device purchase behaviour

Ho-Sam-Sooi, Nick; Pieters, Wolter; Kroesen, Maarten

DOI

10.1016/j.cose.2020.102132

Publication date

2021

Document Version

Final published version

Published in

Computers and Security

Citation (APA)

Ho-Sam-Sooi, N., Pieters, W., & Kroesen, M. (2021). Investigating the effect of security and privacy on IoT

device purchase behaviour. Computers and Security, 102, [102132].

https://doi.org/10.1016/j.cose.2020.102132

Important note

To cite this publication, please use the final published version (if applicable).

Please check the document version above.

Copyright

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons. Takedown policy

Please contact us and provide details if you believe this document breaches copyrights. We will remove access to the work immediately and investigate your claim.

This work is downloaded from Delft University of Technology.

(2)

Available

online

at

www.sciencedirect.com

journalhomepage:www.elsevier.com/locate/cose

Investigating

the

effect

of

security

and

privacy

on

IoT

device

purchase

behaviour

Nick

Ho-Sam-Sooi,

Wolter

Pieters

∗

,

Maarten

Kroesen

DelftUniversityofTechnology:FacultyofTechnology,PolicyandManagement,P.O.Box5015,2600GADelft, Netherlands

a

r

t

i

c

l

e

i

n

f

o

Articlehistory: Received8July2020 Revised5November2020 Accepted29November2020 Availableonline3December2020

Keywords: Purchasingbehaviour Security Privacy IoT Publicpolicy Choicemodelling

a

b

s

t

r

a

c

t

GiventhesignificantprivacyandsecurityrisksofInternet-of-Things(IoT)devices,itseems desirabletonudgeconsumerstowardsbuyingmoresecuredevicesandtakingprivacyinto accountinthepurchasedecision.Inordertosupportthisgoal,thisstudyexaminesthe ef-fectofsecurityandprivacyonIoTdevicepurchasebehaviourandassesseswhetherthese effectsaresensitivetoframing,usingamixedmethodsapproach.Thefirstpartofthestudy focusesonquantifyingtheeffectofsecurityandprivacycomparedtotheeffectofother de-viceattributessuchaspriceorfunctionality,bytestingacausalmodelwithchoicemodels thathavebeendevelopedfromstatedchoicedata.Thesecondpartaimstorevealthe under-lyingmechanismsthatdeterminetheeffectofprivacyandsecurityonpurchasebehaviour bymeansofaqualitativesurvey.Theresultssuggestthatsecurityandprivacycanstrongly affectpurchasebehaviour,underthecircumstancesthatprivacy-andsecurity-related infor-mationisavailableandcommunicatedinanunderstandablemanner,allowingconsumers tocomparedevices.Moreover,theresultsshowthatadescriptionofsecuritythatfocuses ongainsismoreeffectiveinnudgingconsumerstowardsbuyingsecuredevices.Future ef-fortscouldbuilduponthisstudybycomparingtheeffectofsecurityandprivacytomore deviceattributes,suchaseaseofuseorcostreduction.Theresultscanserveasabasis forinterventionsthatnudgeconsumerstowardsbuyingmoresecureandprivacy-friendly devices.

1. Introduction

IntheInternet-of-Things(IoT),physicalobjectsareconnected to a network via internet connectivity to deliver a service to a user (Sicariet al., 2015; Singh and Kapoor, 2017). The marketpenetrationandsocietalacceptanceofIoTdevicesis ever-increasing,asmoreandmoreusecasesforthedevices ariseandtheaffordabilityofthedevicesimproves.Thistrend issupportedbythedevelopmentof5Gnetworktechnology,

∗_{Corresponding}_author.

E-mailaddress:w.pieters@tudelft.nl(W.Pieters).

whichallowsforlowerlatencyconnectionsandenableslarger volumetraffic,thusvastlyimprovingthequalityofservices providedbyIoTdevices.IoTdevicescanprovidesignificant valuetoconsumersbyenablingnewfunctionalitiesthat im-provetheir quality of life.For example,smartthermostats enableconsumerstoremotelyconfiguretheheatingintheir homeorevenremovetheneedformanualadjustmentoftheir heatingsystemcompletely.

AlthoughtheadoptionofIoTdeviceshassignificant bene-fitsforconsumers,italsointroducessomenotableriskswith

https://doi.org/10.1016/j.cose.2020.102132

(3)

regardtosecurityandprivacy.Inmanycases,IoTdeviceshave inadequatebasicsecuritycontrolssuchasencryptionor au-thenticationschemes.Moreover,manufacturerscollectlarge amountsofhighlysensitivepersonalinformation,suchas en-ergyusedata.Whensuchdataissharedwithexternalthird parties,anintentionalormaliciousinfringementofthedevice owner’sprivacymightoccur.

Consumers– bothindividualandbusinessusers– canplay alargeroleinmitigatingtheserisks,forexampleby purchas-ingsecuredevicesandtakingprivacyintoaccountwhen pur-chasingadevice.Ifconsumersvaluesecurityandprivacy,and areabletodistinguishsecurefrominsecuredevices,theyare willingtopayforaddedsecurity.Manufacturersthenhavean incentivetoimprovethesecurityoftheirproducts,increasing theoverallsecurityintheIoTecosystem.However,both in-dividualconsumersandsmallcompaniesoftendonothave therequiredtechnicalknowledgetoassessthesecuritylevel ofadevice.Moreover,communicationofprivacyinformation isoftenlengthyandoverlycomplex(Schaubetal.,2015).

Therefore, it seems desirable to nudge users towards buying more secure devices and taking their privacy into accountwhenpurchasingthedevices.Governmentalbodies could playanactiverole inreachingthis goal,forexample by designing legislation or standards that describe which securityandprivacyrelatedinformationshouldbe communi-catedtowardsconsumersandhowsuchinformationshould becommunicated.

However, undertaking such initiatives requires detailed and deepinsightsinto thedecision-makingprocessof con-sumerswhenpurchasingIoTdevices.Morespecifically,it is crucialtoknowhow,andtowhatextent,privacyandsecurity influencethechoiceofconsumerstobuyIoTdevices. More-over,thesensitivityoftheseeffectswithregardtopersonal factorsshouldbeinvestigatedtoevaluatewhethertheeffect ofprivacyandsecuritydiffersbetweenvarioussubgroupsof consumers.Finally,framingcanplayarole inthe decision-makingprocess.Toillustratethis,consumersmighttake se-curityandprivacyintoaccountmorestronglywhenreceiving gain-focusedsecurityorprivacyinformation(ratherthan in-formationfocusedonlosses).Forthisreason,thesensitivityof theeffectsofprivacyandsecuritytoframingshouldbe exam-ined.Thisstudyaimstoprovidetheseinsightsbyanswering thefollowingresearchquestion:

“Howdosecurityandprivacyinfluencethechoiceofconsumers tobuyanIoTdevice?Andhowsensitiveistheeffectofsecurity andprivacytoframingandpersonalfactors?”

Forthisstudy,wefocusontheindividualconsumerasend userofIoTdevices,becauseofourinterestintheroleof per-sonalfactors.Thestudytakesamixedmethodsapproach to-wardsansweringtheresearchquestion.Thequantitativepart ofthestudyfocusesonquantifyingtheeffectofprivacyand security on consumer choice behaviourby developing and testingacausalmodelthatdescribestheeffectsofvarious ex-planatoryfactorsonchoicebehaviour.Thisgoalisreachedby constructingchoicemodelsfromdatathatisgatheredfrom astatedchoiceexperiment.Thequalitativepartofthestudy targetstheunderlyingrationalesthatdeterminehowprivacy andsecurityaffectconsumerchoicebehaviourbyasking

con-sumersopenquestionsregardingtheroleofprivacyand se-curityintheirdecisiontobuyornottobuyanIoTdevice.

The remainder of this paper is structured as follows. Firstly, the next section provides a brief overview of the existing body of literature regarding the research topic in order to develop aconceptual model that forms the basis of this study. Section 3 describes the methods that have beenusedtoconducttheanalysis.InSections4and5,the resultsoftheanalysisarepresented.Section6consistsofthe conclusionsthatanswer themainresearch questionofthe study.InSections7–9,theresultsofthestudyarediscussed intermsoftheirimplicationandlimitationsandpossibilities forfurtherresearchareintroduced.

2. Conceptual model

Currently,theeffectofsecurityandprivacyonthepurchase behaviour of consumershas not been studied extensively. However, studies in the Technology Acceptance Modelling (TAM)fieldhaveinvestigatedhowconsumerperceptionof se-curityandprivacywithregardtoinnovativetechnologies in-fluencestheiracceptance.Thebasisofthisfield,commonly knownasTechnologyAcceptanceModelling(TAM)hasbeen formedbyDavis(1989),whoconcludedthatthereexistclear relationshipsamongeaseofuse,price,usefulnessand accep-tanceofinnovativetechnologies.Davisdefinedacceptanceas theusageofatechnologyorsystembyitsendusers.

Inthefollowingyears,ITresearchershaveextendedthis modelbyaddingperceivedsecurity,riskandtrust-related fac-torsandapplyingittodigitalproducts.Forexample,Guetal., (2009)appliedtheTechnologyAcceptanceModel(TAM)to mo-bile banking. From this study,the authors concluded that trust,easeofuseandtheacceptanceofmobilebankingare closelyinterrelated.Furthermore,astudybySalisburyetal., (2001)evaluated which factors affect the willingness to en-gageinweb-basedshopping.Theresultsofthisstudyshowed thatWebsecurityperceptionplaysalargerolein determin-ingpurchaseintent.Evenmore,ithasastrongereffectthan easeofuseandusefulnessoftechnology.Theauthorsdefined Websecurityperceptionas“theextenttowhichonebelieves thattheWebissecurefortransmittingsensitiveinformation” (Salisburyetal.,2001,p.3).Theirmeasurementofthisconcept didnottakeintoaccountanyframingeffects.Onthecontrary, positiveandnegativeframeswere usedadditivelyto deter-minethesecurityperceptionofrespondents.Inlinewiththis thinking,astudybyCrespoetal.(2009)hasledtothe conclu-sionthatvariousriskfactorssuchassecuritystronglylimit theacceptanceofe-commerce.Theresearchersframed the riskfactorsaspotentiallosses,withoutincludingtheeffectof framingonchoicebehaviour.Generally,thestudiesintheTAM foundthatattributesrelatedtothefunctionality,privacyand securityofdeviceshaveapositiveeffectontheattractiveness ofadevice,whileattributesrelatedtopricehaveanegative ef-fectontheattractivenessofadevice.Therefore,thefollowing hypothesescanbederived:

- H1:ThepriceofanIoTdevice negativelyinfluencesthe probabilitythatthedeviceispurchased.

(4)

- H2:Thenumber offunctionalitiesofanIoTdevice pos-itively influencesthe probability that the device is pur-chased.

- H3:ThesecuritylevelofanIoTdevicepositivelyinfluences theprobabilitythatthedeviceispurchased.

TheTAMstudiesdiscussed abovedidnotinclude possi-bleeffectsofframing.Entman(1993,p.2)definedframingas “theselectionofsomeaspectsofaperceivedrealityand mak-ing them moresalientin acommunicatingtext, insucha wayastopromoteaparticularproblemdefinition,causal in-terpretation,moralevaluation,and/ortreatment recommen-dation fortheitem described”.Moreover,according to Ent-man,framesdescribeproblems,diagnosecauses,makemoral judgementsandselectthemostsuitedremedies.Chongand Druckman(2007)provideamorehigh-leveldefinitionof fram-ing,definingtheconceptas“theprocessbywhichpeople de-velopa particularconceptualisationofanissue orreorient theirthinkingaboutanissue”.

Gain/lossframingisoneofthemostprevalentframesin messageframingliterature.Inthegainframe,themessage fo-cusesonthegainsthedecision-makercanacquirewhen opt-ingforacertainalternative.Onthecontrary,thelossframe communicatesthepossiblelossesofanoutcome.According toProspectTheory,peopletendtoberisk-aversewhen be-ingpresentedwithsuregainsandrisk-seekingwhenfacing surelosses(KahnemanandTversky,1979).Thisgoesagainst classicalutilitytheory,inwhichsimilaroutcomesprovidethe same amountofvaluetothedecision-maker.Kahneman& Tverskydevelopedadifferentchoicemodel,inwhichvalueis attainedfromgainsandlossesratherthannetoutcomesand theprobabilitiesintheutilityfunctionarereplacedby deci-sionweights.

Researchers in the medical field have appliedthe con-cept of gain/loss framing in order to assess the effect of gain/lossframingonthechoiceofpatientstooptfora cer-tain treatment.In thesestudies,gain/lossframingwas ap-pliedtothecommunicationoftreatmentinformationto pa-tientswhoface thedecisiontoopt foracertaintreatment.

Armstrongetal.(2002)presentedagroupof451individuals withtreatmentinformation.Theindividualswererandomly divided intothreegroups.Thefirst grouponlyreceivedthe survivalratesofthe treatment,whilethe second group re-ceivedthemortalityratesandthethirdgroupreceivedboth themortalityratesandthesurvivalrates.Uponreceivingthe information,theindividualswereaskedtomakethedecision whethertooptforpreventativesurgery.Theresultssuggested that individualswho receivedthemortalityrateswere less likelytopreferthesurgery.These resultsare clearlyinline withthehypothesesofProspectTheory,asindividualswho arepresentedwiththelossframearerisk-seeking andvice versa.

Manystudiesfollowingasimilarprocedurehavebeen pub-lishedduringtheyears.AstudybyDetweileretal.(1999) con-cluded that beachgoers who receiveda messagewhich fo-cused onthe gainsofusingsunscreen were morelikelyto buyandusesunscreen.Similarly,Schneideretal.(2001) con-cluded that a message describingthe benefitsof stopping hadastrongereffectonthewillingnessofsmokerstostop smokingthanamessagewhichcontainedthenegativeeffects

ofsmoking.Kühberger(1998) conductedameta-analysisof theearlycontributionsinmessageframingliterature.Froma samplesetof136empiricalanalyses,Kühbergercalculateda setof230effectsizes.Theresultswereinlinewiththeoriginal hypothesisofTverskyandKahneman,asmessagesinthegain framegenerallyledtorisk-aversebehaviourandmessagesin thelossframecausedmorerisk-seekingbehaviour.

Studiesinthemessageframingliteraturehaveconcluded that messages which focus on gains are moreeffective in nudgingconsumerstotakepreventivemeasurestomitigate risks.Inthislineofthinking,buyingasecureproductortaking privacyintoaccountcanalsobeseenasapreventivemeasure tomitigatetheriskofcyberthreatsorprivacyinfringements. Therefore,itcanbeexpectedthatmessagesfocusingonthe gainsofbuyingmoresecuredevicesandtakingprivacyinto accountaremoreeffective.Thisleadstothefollowing hypoth-esis.

-H4: Messages that focus on the gains of security and privacyare moreeffectiveinnudging userstopurchase more secure devices and consider privacywhen buying IoTdevices

Thus,aset offour hypotheseshavebeen developed re-gardingtheeffectofprivacyandsecurityonthepurchase be-haviourofconsumers.Thesehypothesesarevisualisedinthe causalmodelinFig.1.

3. Method

Totest the hypotheses and investigate underlying motiva-tions,we performed both a quantitative and a qualitative study.

3.1. Quantitativestudy:statedchoiceexperiment

The data forthe quantitative study has been collected by meansofastatedchoiceexperiment.Stated choice experi-mentsareespeciallysuitedtoanalysetheeffectofdevice at-tributes,personalfactorsandframingonchoicebehaviour.In thisexperiment,therespondentswerepresentedwithvarious choicesetsconsistingoftwosmartthermostats.Smart ther-mostatshavebeenselectedsinceitcanbeexpectedthatmany respondentshavesomeknowledgeaboutthedevicesdueto theiravailabilityonthemarketandwidespreaduse.The alter-nativesinthechoicesetvariedwithregardtothreeattributes: Price,FunctionalityandSecurity.Privacywasnotincludedas anattributeinordertolimittheneedednumberofchoicesets perrespondent.Inordertoresemblereal-worldpricing,the priceattributevariedonfourlevels:€100,€150,€200,and€250. Thefunctionalityattributewascodedadditively,which im-pliesthatthenumberoffunctionalitiesincreasesasthevalue ofthe functionalityattributeincreases.Thefollowing func-tionalitieswereincludedaspartoftheattributelevels:

1.Remotecontrol(F1):Theuserisabletoremotelyaccessthe device inordertoadjustthe temperature,schedulingor makeuseofotherfunctionalities.

(5)

Fig.1– Causalmodel.

2.Geofencing (F2): The geofencing capability ofthe user’s smartphoneisusedtoassesswhethertheusershasleft his/herhouseandadjusttemperaturesaccordingly. 3.Sensing(F3):Thehomeisequippedwithsensors,which

assesswhethertheoccupantsareawake,sleepingor out-sideofthehouse.Thetemperatureisadjustedaccording tothedatacollectedbythesensors.

4.Learning(F4):Theuserinputsbasicscheduleparameters. Thedevicemakesuseofalgorithmsinordertolearnthe scheduleoftheoccupantsandcollectsdatafromsensing todetectchangesinthescheduleandrespondtothem. Thesecuritylevelvariedbetweentwolevels.Moreover,the respondentsinthestatedchoiceexperimentwererandomly dividedintotwogroups.Thedescriptionsofthesecurity at-tributeforbothlevels aredisplayedinTable1.For thefirst group, the securitylevel of the alternatives was framed in termsofgains,whilethedescriptionofthesecuritylevel fo-cusedonlossesforthesecondgroup.

Withtheseattributelevels,anorthogonalfractional facto-rialdesignwasconstructed.Eachrowofthedesigncontainsa profile.Thechoicesetswereconstructedbymeansof sequen-tialconstruction.

Table1– Securitydescription.

Frame Securitydescription

Gain “Thisdeviceis/isnotsecuredproperly” Loss “Thisdevicecan/cannotbehacked”

Perchoiceset,therespondentswereaskedwhetherthey would purchase each individual smart thermostat in the choiceset,giventhattheirthermostathadbrokenandthey werefacedwiththedecisiontobuyanewsmartthermostat. Inaddition,therespondentswereaskedquestions regard-ingasetofdemographicvariables,inordertotestthe repre-sentativityofthecollectedsample.Thefollowing demograph-icswereincludedinthesurvey:Age,gender,educationlevel andworkingsituation.

Finally,thesurveymeasuredasetofindicatorsthatwere expectedtoplayaroleinthechoicebehaviourofconsumers purchasingIoTdevices.Theseindicatorsfunctionasinputfor afactoranalysis,whichaimstodefineasetofpersonal fac-torsfrom theindicators.Thefactorshavebeenconstructed bymeans ofPrincipalAxisFactoring (PAF). Thismethodis

(6)

Table2– Indicators.

Nr. Statement

I1 “Ikeepupwithtechnologicaldevelopments”

I2: “Ireadthetechnologysectionwhenreadingnewspapersorvisitingnewswebsites” I3: “IfinditinterestingtofollowthedevelopmentofnewITproducts”

I4: “Innovationisimportantforeconomicdevelopment”

I5: “Investmentsininnovativetechnologiesareimportantforsociety” I6 “IfanewITproducthasbeendeveloped,Iwanttobuythefirstversion” I7: “IpayattentiontothesecurityrisksofmyITdevices”

I8 “WhenpurchasinganITdevice,Iconsiderthesecurityrisksofthedevice” I9: “ThesecurityofmyITdevicesisimportanttome”

I10: “Mypersonalinformationshouldbeprotectedsufficiently”

I11: “Ikeeptrackofwhichinformationiscollectedwhenusingonlineservices” I12: “IamconcernedwiththesecurityrisksofmyITdevices”

I13: “WhenusingITdevices,Iamconcernedwiththeuseofmypersonaldatabyexternalparties” I14: “Whenusingonlineservices,Iamconcernedwiththeuseofmypersonaldatabyexternalparties” I15: “IundertookactiontoimprovethesecurityofmyITdevices”

especiallysuited tomeasurethe valuesofnon-measurable constructssuchasviews,opinionsandbeliefs.Theaxeshave beenrotatedbymeansofobliquerotation,whichallowsfor correlationbetweenfactorsandsimplifiestheinterpretation offactors.

Inordertomeasurethevaluesontheindicators,the re-spondentswereaskedtoevaluatewhethertheyagreedwitha setofstatements.ThestatementsaredisplayedinTable2.

ThesurveywasspreadbyagroupofBScstudentsfromthe facultyofTechnology,Policyand ManagementofDelft Uni-versityofTechnologyaspartofadataanalyticscourse.The studentswereaskedtosharethesurveywithin theirsocial networkandcollect5responsestothesurveyperperson.

3.2. Quantitativestudy:discretechoicemodelling

Fromthecollecteddata,RandomUtilityMaximisation(RUM) based discrete choice models have been developed. These modelsdescribetheprobabilitythatacertaindecision-maker choosesanalternativefromagivensetofalternativeswhich varyonasetofcriteriaorattributes.

More specifically, Multinomial Logit (MNL) models are usedtoassesstheeffectsoftheattributes,personalfactors andframingonchoicebehaviour.MNLmodelsassumethat theerrortermsintheutilityfunctionareindependentlyand identicallydistributedacrossallalternatives,whichimplies thattheyhavethesameprobabilitydistributionandare mu-tuallyindependent.Theutilityofanalternativeiscalculated by thesum ofthe productofthe criteria scores and aset of linear parameters. Thus,the utility iscalculated by the followingformula: U(ai)= m j=1 wj∗E ai,cj +ε (1)

Wherewj isthe parameteror weightofattribute j,E(ai,cj)

representstheexpectedeffectofalternativeionattributej andε isequaltotheerrorterm.

ForMNLmodels,theprobabilitythatanalternativeis cho-senfromasetofalternativesiscalculatedasfollows: P(X=ai)=

eU(a_i)

n j=1eU(aj)

(2)

WhereP(X=ai)entailstheprobabilitythatalternative Xis

chosenfromapredefinedchoiceset,U(ai)istheutilityof

al-ternativeiandnisequaltothenumberofalternativesinthe choiceset.

Forthemodelselectionprocess,variousmodelstatistics arecalculatedthatmeasurethequalityofthedeveloped mod-els.Firstly,theLikelihoodRatioTest(LRT)isusedtocompare thequalityoftwomodels.Thestatisticthatrelatestothistest iscalculatedasfollows:

LRS= − 2∗(LLA− LLB) (3)

WhereLLxistheLog-Likelihoodofmodelx.

Secondly,theR-squaredvalueiscalculatedforeachmodel bydividingthevarianceofthedependentvariablethat the modelisabletoexplainbythetotalvarianceofthedependent variable.

Finally,aniterativemodellingprocessisapplied,which im-pliesthatmoreexplanatoryvariablesareaddedtothemodel ineachiterationtoassesswhetheraddingmorevariablesto themodelsignificantlyimprovesthegoodnessoffit.Table3

providesadescription ofthemodels thatare developedin eachiteration.

3.3. Qualitativestudy

Thequalitativestudytookadifferentapproachby conduct-ingan onlinesurveyinwhichthe respondentswere asked openquestions regardingtheirdecision topurchaseornot topurchaseasmartthermostat.Thelinktothesurveywas spread via various socialmediaand within thesocial net-work ofthe researcher.Firstly,the respondentswere asked which factors had influenced their decision to buy or not to buya smart thermostat.Subsequently,the respondents

(7)

Table3– Modellingprocess.

ModelNr. Description

1.1 MNL:Deviceattributes

1.2 MNL:Deviceattributes+interactionfactorsandframingwithsecurityattribute

1.3 MNL:Deviceattributes+interactionfactorsandframingwithsecurityandfunctionalityattribute 1.4 MNL:Deviceattributes+interactionfactorsandframingwithsecurity.functionalityandpriceattribute

Table4– Scenarios.

ScenarioNr. Description

1 Thesmartthermostatcollectsdataaboutyourenergyuseandkeepstrackofyourlocation.Acriminalgainsaccessto thisinformationtodeterminetherightmomentforaburglary.

2 Thesmartthermostatcollectsdataaboutyourenergyuseandkeepstrackofyourlocation.Theproducerofyour thermostatcollectsthisdataandmaybeobligatedtoshareitwithexternalparties,suchasinsurersortax authorities.

3 Thesmartthermostatcollectsdataaboutyourenergyuseandkeepstrackofyourlocation.Theproducerofyour thermostatcollectsthisdataandsharesitwithmarketingbureaus,whichuseittodeveloppersonalised advertisements.

4 Acriminalgainsaccesstoyoursmartthermostat,allowinghim/hertocontroltheheatinginyourhouse. 5 Acriminalgainsaccesstoyourhomenetworkviayoursmartthermostat,allowingthecriminaltogainaccessto

personalinformationonthenetwork,suchaspasswordsorbrowsingdata.

6 Yoursmartthermostatispartofalargenetworkofdeviceswhichisbeingusedtoexecutecyber-attacksonlarge organisations.

were triggeredtocontemplate therole ofsecurityand pri-vacyintheirdecisiontobuyornottobuyasmart thermo-stat.Furthermore,therespondentswereshownasetof secu-rityandprivacyrisksdescribedbymeansofhypothetical sce-narios.Thescenarioswereconstructedbasedonknown at-tacks/incidentsfromliterature,anddescribedbasedonthe bowtie framework,i.e.intermsofthreat,event,and conse-quences.Wetriedtocover alargediversityofthreats, inci-dentsandconsequences,whilekeepingthenumberof sce-narioslimited.Anoverviewofthescenariosispresentedin

Table4.Therespondentswereaskedtoratetheseverityof each scenarioand provide amotivation fortheir ratingon a five-point scale. Finally, the respondents were requested to indicate which scenario described the most severe risk intheir opinion.Theresponseshavebeen analysedwitha codingapproachbyidentifyingcommonconceptsandtheir interrelations.

4. Results quantitative study

4.1. Sample

For the quantitativestudy,the studentscollected adataset containing709respondents.Asubsetof93respondentswho did not provide ananswer tothe questions relatedto the choiceexperimentwereremovedfromthedataset.Moreover, 35responseswerecollectedfromthesameIPaddresswithin adistinctlysmalltimeframe.Theseresponseswereremoved fromthedatasetasitisunlikelyforsuchalargenumberof validresponsestobecollectedwithinasmalltimeframefrom thesameIPaddress.Theresultingsamplesizeusedforthe analysisis581.

4.2. Representativity

Inordertotesttherepresentativityofthecollectedsample, thevaluesofthedemographicalvariablesinthesampleare comparedtothevaluesofthesedemographicalvariablesfor thetargetpopulationofthestudy.Forthispurpose,various Chi-Squaredtestshavebeenexecuted.Theresultsshowthat the age groups 18-24 years and 50-59 years are overrepre-sented.Secondly,thesamplemostlyconsistsofrespondents who haveahigh education level.Finally, the working situ-ation categories“student” and“paid job” arestrongly over-representedinthesample.Theseoverrepresentationscanbe explainedbythe datacollection process.TheBSc students whospreadthesurveymostlikelysharedthesurveywith fel-lowstudents,housemates,siblings,parentsandothermature familymembers.

Theoverrepresentationsinthesamplemightcause under-oroverestimationoftheaveragevaluesofthevariables con-sideredinthe analysisbut arelesslikelytoaffectthe rela-tions betweenfactors,attributes, demographicsand choice behaviour.Inaddition,themainaimofthisresearchisto il-lustratethatcertainrelationsexist.Theoverrepresentations donotlimittheabilityofthedevelopedmodelstoreachthis goal.

4.3. Factoranalysis

Fromthevaluesoftheindicators,personalfactorshavebeen deducedbymeansofPrincipalAxisFactoring.Theresulting factorstructureisdisplayedinTable5.

Thefirstfactorisdefinedbyindicatorsthatrelatetothe attitude ofthe respondentstowardsprivacy/security issues ofITdevices.Thus,thisfirst factorcanbelabelledas “pri-vacy/security awareness”. Thesecond factor relates to the

(8)

Table5– Factorloadings.

Nr. Factor1 Factor2 Factor3

I1 - - -I2 .785 I3 .733 I4 -.888 I5 -.830 I6 .536 I7 - - -I8 .556 I9 - - -I10 - - -I11 .534 I12 .755 I13 .897 I14 .833 I15 .407 CA .833 .736 .854 CA=Cronbach’sAlpha

Table6– Modelselection.

Nr. Loglikelihood R2 _LRT_(critical_value)

1.1 5054.914 0.265

-1.2 4580.136 0.297 949.556(9.488) 1.3 4544.435 0.306 71.402(9.488)

1.4 4541.340 0.307 6.19(9.488)

respondent’s interest inthe developmentof technologyas well as their adoption of new technology. Therefore, the secondfactorcanbelabelledas“TechnologyAcceptance”. Fi-nally,thethirdfactorisdeterminedbythetwoindicatorsthat measuretheperceivedimportanceofinnovation.Thetwo in-dicatorsloadnegativelyonthefactor,whichimpliesthatthe indicatorsmeasurethepoleoppositeofthisconstruct. Conse-quently,thisfactorcanbelabelledas“Conservativeness”.The indicatorsthathavebeenremovedfromthefactoranalysis areexcludedfromtheanalysiscompletely,sincetheydonot possessasignificantlydifferentmeaningthanthefactors.

Sincethefactors(andassociateditems)usedinthisstudy were specificallytailored tothecontents ofthisstudy,they were developedin anexploratory manner.Itshould there-forebenotedthat(ideally)thefactorstructurerevealedhere shouldbevalidatedinfuturestudiesfollowingaconfirmatory approach(basedonothersamples).Thatbeingsaid,the reli-abilityscoresforallthreefactors(presentedinthelastrowof

Table5)werefoundtobegood(CronbachAlpha’s>0.70).In addition,the(exploratory)factorstructurewasalsosubjected toaConfirmatoryFactorAnalysis(AMOS25wasusedforthis purpose).Theresultingmodelshowedacceptablemodelfit ac-cordingtoconventionallyusedfitcriteria(χ2₌_206.6,_df₌_41;

p=0.000,CFI=0.926,SRMR=0.072)(HuandBentler,1999), whichsupportstheconvergentanddiscriminantvalidityof thefactors.Hence,eventhoughthefactorsareestablishedin anexploratoryfashion,thereissufficientevidencethatthey arereliableandcapturedistinctivepsychologicaltendencies thatmaybeassumedtoinfluencechoicebehavioursof con-sumerspurchasingIoTdevices.

Table7– Modelparameters.

Attributes Parameter p Price(∗100euro) 0.656 0.000 Functionality 0.108 0.000 Security 1.041 0.000 Constant 0.771 0.000 Framinginteractions Framing∗Security 0.041 0.000 Framing∗Functionality 0.025 0.264 Framing∗Price -0.025 0.315 Factorinteractions

TechnologyAcceptance∗Security -0.054 0.092

Privacy/SecurityAwareness∗Security 0.162 0.000

Conservativeness∗Security -0.098 0.001

TechnologyAcceptance∗Functionality 0.095 0.000

Privacy/SecurityAwareness∗_{Functionality} _-0.126 _0.525

Conservativeness∗_{Functionality} _-0.037 _0.152

TechnologyAcceptance∗_Price _-0.059 _0.045

Privacy/SecurityAwareness∗_Price _0.022 _0.429

Conservativeness∗_Price _-0.042 _0.132

4.4. Modelselection

Duringthemodellingprocess,variousmodelshavebeen de-velopedandassessedbymeansofthemodelstatisticsthat havebeen discussedinSection 3.Themodelsandtheir re-spectiveR-SquarevalueandLRTaredisplayedinTable6.

AccordingtotheLRTvalues,model1.3providesthebestfit tothedata.However,theLRTvalueofmodel1.4isrelatively closetothecriticalvalueandthemodelcontains anotable interactioneffectofthepriceattributewiththetechnology acceptancefactor.Forthisreason,model1.4isusedtodraw conclusionsintheremainderofthispaper.

4.5. Modelparameters

Theparametersoftheresultingmodel,model1.4frommodel group1,aredisplayedinTable7.Theparametersinthemodels indicatehowstrongacertainattributeinfluencestheutility thatisprovidedtoaconsumerbyasmartthermostatandthe probabilitythatthesmartthermostatispurchased.

Firstly,themodelcontainsthedirecteffectsofthedevice attributeson the utilityofthe alternatives.Thus,three re-spectiveparametershavebeencalculatedforeachofthese attributes;Functionality,Priceand Security.Themodelalso containsaconstantthatdescribestheexpectedvalueor util-ityofasmartthermostatwheneachoftheattributesisset to0.Eachoftheseeffectsisstatisticallyandpractically sig-nificant.Inlinewiththehypotheses,thepriceattributehasa negativeeffectontheexpectedutilityofanalternative.The securitylevelandfunctionalityofanalternativehavea posi-tiveeffectontheutility.Theeffectofsecuritywas exception-allystrongwhencomparedtotheotherdeviceattributes.

Toallowamoreintuitiveinterpretationoftheparameters, willingness-to-paymeasurescanbecalculatedbydividingthe parameters related to functionality and security attributes bythepriceparameter.Thisindicatesthatrespondentsare, onaverage,willingtopay16euroforeachadditional func-tionality (e.g.a thermostatthathas geofencingin addition

(9)

toremotecontrol),andapremiumof159euroforasecure thermostat compared to a non-secure thermostat, which is a substantial amount giventhe providedprice range in thermostats(100-250euro).

Turningtothepsychologicalfactors,thetechnology accep-tance factor hassignificant interactions withthe three de-viceattributes.Respondentswithahighscoreonthisfactor arewillingtomakeconcessionsonsecurityandpricein or-dertobuythenewesttechnologythatprovidesthemwith in-novativefunctionalities.Similarly,theprivacy/security aware-nessfactorpositivelymoderatestheeffectofsecurityonthe purchasebehaviour,whichimpliesthatrespondentswhoare moreawareofsecurityandprivacyriskstakesecuritymore stronglyintoaccountwhenpurchasingadevice.Finally,the conservativenessfactornegativelyinteractswiththesecurity attributes.Thisresultsuggeststhatsecuritycontributesless tothevalueofadeviceforrespondentswhodonotvalue in-novation.

Withregardtoframing,theresultsshowthatsecurityhasa strongereffectonthepurchasedecisionforrespondentswho werefacedwiththegainsofbuyingasecuredevice.This find-ingisinlinewiththehypothesisofKahneman&Tversky,who postulatedthatpeoplearemoreriskaversewhenfacedwith possiblegains.

5. Results qualitative study

5.1. Response

Atotalof27 responseswere providedtothesurveyforthe qualitativestudy.Inthecollectedsample,thehigher educa-tionlevelsarehighlyoverrepresented.

5.2. Purchasedecision

Firstly,therespondentswereaskedtoevaluatewhatfactors playedaroleintheirdecisiontobuyornottobuyasmart ther-mostat.Strikingly,securityor privacywereonlymentioned twiceasamotivation forthe purchasedecision.For device owners, the reasons topurchase a smartthermostat were mainlyfocusedaroundthefunctionalitiesthedeviceprovides, ease ofuseand energycostreductions.With regardtothe decisiontobuyaspecificsmartthermostat,the compatibil-itywithotherdevicessuchastheboiler,voiceassistantsand smarthomedeviceswasmentionedfrequently.

Afterbeingtriggeredtoactivelycontemplatetheroleof se-curityandprivacyintheirpurchasedecision,many respon-dentsareabletoaddresssomehigh-levelprivacyandsecurity relatedconcernsregardingsmartthermostats.

Theresultsshow thattherespondents onlystart think-ingaboutsecurityandprivacyconcernswhenbeingactively triggered toevaluate suchtopics.Without being prompted tothinkaboutprivacyandsecurity,therespondentsfocused mainlyonotherdeviceattributessuchasfunctionalityand easeofuse.

5.3. Riskawareness

15outofthe27respondentsindicatedthattheywereableto mentionsecurityandprivacyrisksofsmartthermostats.The respondentsmostlygavehighleveldescriptionsofsecurity andprivacyrisks,usingcommontermssuchas“hacking” or “datagoingpublic”.Itseemsnotablethattheriskdescriptions oftherespondentsstronglylackanydetailandarenotrelated torealisticthreatscenarios.

5.4. Scenario’s

Theassessmentofscenariosallowsforthegenerationof in-sightsregardingtheriskassessmentoftherespondents.The maingoaloftheanalysisistodeterminetheunderlying fac-torsthatinfluencethis processratherthanquantifying the effects of these factors.For this reason, the focus lies on analysingthemotivationsthattherespondentshaveprovided fortheirratingratherthanquantitativelyassessingthe rat-ingsperscenario.

Firstly,theperception ofthelevel ofsecurity orprivacy relatedtothedeviceisoftenmentionedasamotivationto rateascenario.Somerespondentsratetheseverityofarisk scenarioas“low” becausetheyexpectthatsufficientcontrols havebeenputinplace.For example,respondentsratedthe severityofrisksinprivacy-relatedscenariosas“low” because GDPRhasbeenputinplaceandthisregulationoughttobe suf-ficientprotectionagainstprivacyinfringements.Onthe con-trary,otherrespondentsmentionedthattheyperceived the levelofsecurityandprivacywithregardtoIoTdevicesin gen-eraltobelow.

Secondly,theprobabilityofoccurrenceseemstoplayarole intheriskevaluationprocess oftherespondents.Many re-spondentshaveratedtheseverityofascenariotobelow,as theythoughtthatsuchariskwouldbeveryunlikelytooccur inreallife.Ontheotherside,probabilityofoccurrencewas alsomentionedfrequentlyasamotivationtoratetheseverity ofariskas“high”.

Thirdly,thebenefitsforthethirdpartyarereportedasa motivationfortheassessmentofarisk.Iftherespondentis oftheopinionthatthethreatactorintheriskscenarioisnot abletoachieveanattractivebenefit,therespondentislikely toratetheseverityoftheriskas“low”.

Finally, the respondents often mention the impact of a riskscenario asacrucial factor.Toillustratethis,scenario 5(criminalaccessingpersonalinformation)posedthemost severe risk for many respondents, as this scenario has a further reaching impact than the other scenarios. In this scenario,the scope ofthe impact exceedsthe information thatiscollected,storedandusedwithregardtotheuseofthe smartthermostat.

6. Conclusions

Thisstudyhasinvestigatedtheeffectofsecurityandprivacy ontheIoTdevicepurchasedecisionofconsumersby answer-ingthefollowingresearchquestion:

(10)

Fig.2– Causalmodelwitheffectsizes.

“Howdosecurityandprivacyinfluencethechoiceofconsumers tobuyanIoTdevice?Andhowsensitiveistheeffectofsecurity andprivacytoframingandpersonalfactors?”

Thequantitativepartofthestudytestedasetoffour hy-pothesesregardingtheeffectoftheprice,functionalityand securityofadeviceontheprobabilitythatthedeviceis pur-chased.TheresultingcausalmodelisdisplayedinFig.2.

Inline withourhypotheses,the study revealedthat se-curity hasanotablystrongeffectonthe purchasedecision ofrespondents inastated choiceexperiment.Onthe con-trary,securityandprivacywereonlymentionedonceortwice asamotivationtobuyornottobuyasmartthermostatby therespondentsinthesurveyforthequalitativestudy.The maindifferencebetweenbothstudiesisthattherespondents inthequantitativestudyare triggeredtothink about secu-rity,whilethisisnotthecaseinthequalitativestudy. More-over,therespondentsinthequantitativestudyarepresented withaneasilyunderstandabledescriptionofsecurity,which allowsthemtoeasilycomparealternativesregardingthe se-curitylevel.Itislikelythatthisisnotisnotthecaseinreal worldsituations.

Thesecondpartoftheresearchquestiontargetsthe sensi-tivityoftheeffectofsecurityandprivacytoframingand per-sonalfactors.Regardingframing,theresultsshowthat secu-rityhasastrongereffectforrespondentswhoreceivedagain focuseddescriptionofsecurity.Thisfindingisinlinewiththe hypothesisofProspectTheory,whichpostulatesthatpeople aremoreriskaversewhenfacedwithpossiblegains.

Furthermore,theresultshaveillustratedthatconsumers whoaremoreawareoftheprivacy/securityrisksof(IoT) de-vices,takesecuritymorestronglyintoaccountwhen purchas-ingIoTdevices.Thequalitativestudyalsoinvestigatedtherisk awarenessofconsumers.Theresultsindicatedthatsome con-sumersareabletolistsomeofthesecurityandprivacyrisks ofsmartthermostats.However,thedescriptionsoftheserisks stronglylackdetailandarenotspecificforsmartthermostats. Inaddition,thequalitativestudyexaminedtherisk assess-mentprocessofconsumers.Fromthisanalysis,asetoffactors havebeenderivedthatwerefrequentlymentionedasa mo-tivationtoassesstheseverityofaprivacyorsecurityrelated riskofsmartthermostats.Thefollowingfactorswerefoundto berelevant:Perceivedsecurityandprivacylevel,probabilityof occurrence,thirdpartybenefits,andimpact.

(11)

Finally,thequantitativestudyfoundanegativeinteraction effectofthetechnologyacceptancefactorwiththepriceand securityattributesandapositiveinteractioneffectwiththe functionalityattribute.Thissuggeststhatpeoplewhoscore highonthisfactorcanbeseenasthe“firstadopters” of in-novativetechnologiesandaremorewillingtobuylesssecure andmoreexpensiveproductsthatdoprovidethemwithnew functionalitiesandimprovetheirqualityoflife.

To conclude,the study hasfoundthat securityand pri-vacy canhave a strong effect on the purchasedecision of consumers, under the specific circumstances that privacy andsecurityrelatedinformationispresentedtoconsumers and is communicated in an understandable manner that allows for comparison of alternative devices in a simple and timely manner.Theeffect ofsecurityismoderated by the privacy/security awareness,technology acceptanceand conservativeness of consumers. Finally, the results show that securityrelatedinformationthat focusesonthe gains ofsecurityismoreeffectiveinnudgingconsumerstowards buyingmoresecuredevices.

7. Discussion

Theresultsofthisstudyhaveseveralpracticalimplications. Thisresearch hasshownthat securitydoes affectthe pur-chase behaviour of consumers under the condition that securityorprivacyrelatedinformationispresentedto con-sumersandiscommunicatedinasimpleandunderstandable manner.Thisresultsuggeststhatgovernmentalbodiescould nudgeuserstowardsbuyingmoresecuredevicesandtaking privacyinto accountbyensuringthatsuchcommunication takesplace,allowingfortimely comparisonofdevices with regard tosecurity and privacy.Governmental bodies could work towardsthis goal bydefiningstandards orlegislation thatdescribewhatsecurity-andprivacy-relatedinformation shouldbeprovidedtoconsumersandhowthisinformation should becommunicated.Due tothe immense complexity oftheIoTsecurityandprivacytopic,itisadvisedtoinclude market parties,suchasmanufacturersand retailers,inthe developmentprocessofsuchlegislationorstandards.

Furthermore,the resultsofthe study indicate that con-sumerswhoaremoreawareofprivacyandsecurityrisksare morelikelytoconsidersecurityandprivacywhenpurchasing IoTdevices.Thus,improvingtheriskawarenessofconsumers supportsthegoalofnudginguserstowardsbuyingmore se-curedevicesandtakingtheirprivacyintoaccountwhen pur-chasingdevices.Inordertoreachthisgoal,governmental bod-iescouldinitiateawarenessprogramsthatspecificallyfocus oncommunicatingsecurityandprivacyrisksofIoTdevicesto consumers.Insomecountries,suchprogramshavebeen ini-tiatedbygovernmentalbodies.Forexample,theDutch gov-ernmenthaslaunchedasecurityawarenesscampaign specif-icallytargetedatnudgingconsumerstowardsupdating soft-wareinatimelymanner.Theresultsofthequalitativestudy haveidentifiedfourpotentialfactorsthatcouldformthe ba-sisofsuchefforts:perceivedsecurityandprivacy,probability ofoccurrence,thirdpartybenefitsandimpact.Finally,the re-sultssuggestedthatthefirstadoptersofinnovative

technolo-giescanbeidentifiedasapotentialfocusgroupforawareness campaigns.

Intermsofscientificimplications,this studyshowsthat statedchoiceexperimentscanbeusedasamethodto esti-mateframingeffects.Incurrentstudies,framingeffectsare oftenevaluatedbypresentingresearchsubjectswithasingle choicetask.Bymeansofstatedchoiceexperiments,the stan-darderrorsoftheresultingparametersarelowered,thus im-provingthevalidityofthedevelopedmodels.Additionally,the methodallowsresearcherstocomparetheeffectsofvarious attributesonchoicebehaviour.

Inaddition,thestudycontributestotheTAMfieldby eval-uatingtheeffectofvarious explanatoryfactorsonthe pur-chasedecisionofconsumers.Thestudydiffersfromthe stud-iesintheTAMfieldwithregardtothedependentvariablein itscausal model.ThedependentvariableinTAMstudiesis theacceptanceoftechnologies,whilethechoiceforaspecific devicefunctionsasthedependentvariableinthisstudy.The measurementofthedependentvariablealsodiffersfrom ex-istingstudies.Inthisstudy,astatedchoiceexperimentisused tomeasurethechoicesratherthanobservingtheoutcomeof asinglechoicetask.

8. Limitations

The quantitativestudy has observed stated choices rather thanchoicesinreal-worldsituations.Itcanbearguedthatthis limitsthevalidityofthedevelopedmodels,aspeoplemight exhibitsignificantlydifferentchoicebehaviourinthesetting ofastatedchoiceexperiment.Forexample,theeffectof se-curitymightbelowerinthecaseofreal-worldpurchasesdue tothelimitedavailabilityofsecurityrelatedinformation.This mighthaveledtoanoverestimationoftheeffectofsecurity inthisstudy.

Inreal-worldchoicesituationsrespondentsmay (wrong-fully)assumethatIoTproductshavebuilt-insecurity. How-ever,theonlywaytogetasenseofhowmuchpeopleare will-ingtopayforthisisbyexperimentallyvaryingasecurity at-tribute,therebyalsotriggeringrespondentstopayattentionto itinthefirstplace.ItmaybespeculatedthatwhenIoT prod-uctsbecomemorecommon,peoplewillalsogainexperiences withpossiblesecurityrisksand/oractualsecuritybreaches, whichwilllikelymakeconsumerssensitivetothisattribute infuturepurchases.

Moreover,thealternativesinthestatedchoiceexperiment variedonasmallsetofthreeattributes.Itcanbeexpectedthat otherdeviceattributes,suchaseaseofuseorcompatibility withotherdevices,alsohaveastrongeffectonthepurchase behaviourofconsumers.

Limitationscanalsoarisefromthespecificcodingofthe deviceattributes.Inthiscase,theoperationalisationofthe se-curityattributehasitsdrawbacks.Thesecurityattributehas beenvariedontwolevels.Itispossiblethatthiscodinghas ledtoanoverestimationoftheeffectofsecurityonthechoice behaviour,asitseemssensiblethatmostrespondentswould notpurchaseadevicethat“isnotsecuredproperly” or“canbe hacked”.

Fourthly,itisquestionable whethersecurityandprivacy canbeframedasapuregain.Toillustratethis,thesecurity

(12)

attributewasframedas“thisdevice is/isnotsecured prop-erly”.Theterm“secured” stillsuggeststhatthereexistssome externalthreat.Thisexternalthreatcanbeseenaspotential loss.However,theterm“securing” seemsamorepositiveterm than“hacking” fromasemanticpointofview.

MNLmodelshavebeendevelopedtoassesstheeffectof securityonchoicebehaviourinthequantitativestudy.MNL modelsassumethattheerrortermsintheutilityfunctionare independentandidenticallydistributed(i.i.d.).Ifthis assump-tionisincorrect,thiscanresultinbiasedparameterestimates. Forthequalitativestudy,asurveywasusedtorevealthe underlying rationales that determine how security affects thechoicebehaviourofconsumers.Asurveyallowsforthe generation of responses in a timely and costless manner. However, using a survey for this goal has its limitations. Whenusingasurvey,theresearcherisnotabletoaskfollow up questions when needed. An interactive survey design was appliedthat askedthe respondentsformorein-depth answers inordertodealwiththis limitation.Also,because of the overrepresentation of higher education levels, the resultsofthequalitativestudycannotbegeneralisedtothe populationatlarge.However,theresultsstillprovideinsight inpossiblemechanismsthatexplaintheroleofsecurityand privacyinpurchasedecisions.

9. Further research

In parallel to the study described here, Emami-Naeini et al. (2019) researched how privacy and security factorintoIoTdevicepurchasebehaviourbyconductingaset of24semi-structuredinterviews andspreadingafollowup survey towhich 200participants provideda response.The respondents were askedtorank certain factors theywould takeintoconsiderationwhenpurchasingIoTdevices.Security wasrankedtheasthethirdmostimportantfactor,afterprice andfeatures.Bycontrast,purchasechoicesfordevicesthat vary on theseattributesare observedin thepresent study, withtheimportanceofthefeaturesderivedfromthechoice models.Thisconfirmsthatdifferentapproachesyield differ-entinformationregardingpurchasebehaviourandassociated preferences,whichwealsosawinthe differencesbetween ourquantitativeandqualitativestudy.

Moreresearchisneededtofurtheraddresstheidentified knowledgegaps.Firstly,thisstudy onlyinvestigated the ef-fectofalimitedsetofthreedeviceattributes.Privacywasnot includedasadeviceattributeinthisstudy.Inordertoassess whethersimilarconclusionsholdforprivacyandcomparethe effectsofsecurityandprivacytootherdeviceattributes, fu-tureresearchcouldbuilduponthisstudybyincludingprivacy andotherdeviceattributes.

Secondly, the security attribute was coded as a binary variable,whichmighthaveledtothe overestimationofthe effect of security on the purchase decision of consumers. Futureresearchcouldevaluatehowotheroperationalisations of security affect choice behaviour in order to determine whatoperationalisationismostsuitedtonudgeconsumers towardsbuyingmoresecuredevices.

Thirdly,thisstudyhasobservedstatedchoicesratherthan real-worldchoices.Furtherresearchcoulduserevealedchoice

dataas an inputforthe development ofchoicemodels to assess whether real-worldchoice behaviour resembles the choicebehaviourinastatedchoiceexperiment.Forexample, activityonwebshopscouldbemonitoredtocollectdata re-gardingthepurchasebehaviourofconsumers.

Finally,futureresearchcouldtargetotherstakeholdersthat buyIoTdevices,notablybusiness users.Withinthis group, adistinctioncanbemadebetweensmallcompanies,which typicallydonothavesecurityspecialists,andlarge compa-nies,wherethesecuritydepartmentmaybeinvolvedinthe purchase.Therefore, onewould expect purchase decisions insmall companies tobe similar toindividual consumers, whereasdecisionsinlargecompaniesmaybelesssensitive toadditionalsecurityexplanations.

Declaration of Competing Interest

Theauthorsdeclarethattheyhavenoknowncompeting fi-nancialinterestsorpersonalrelationshipsthatcouldhave ap-pearedtoinfluencetheworkreportedinthispaper.

CRediT authorship contribution statement

NickHo-Sam-Sooi:Conceptualization,Methodology, Inves-tigation,Writing -original draft.Wolter Pieters: Methodol-ogy,Supervision,Writing-review&editing.MaartenKroesen:

Methodology,Supervision,Writing-review&editing.

R E F E R E N C E S

ArmstrongK, SchwartzJS, FitzgeraldG, PuttM, UbelPA.Effectof framingasgainversuslossonunderstandingand

hypotheticaltreatmentchoices:survivalandmortalitycurves. Med.Decis.Making2002;22(1):76–83.

ChongD, DruckmanJN.Framingtheory.Annu.Rev.Polit.Sci. 2007;10:103–26.

CrespoAH, delBosqueIR, delosSalmonesSánchezMG.The influenceofperceivedriskonInternetshoppingbehavior:a multidimensionalperspective.J.RiskRes.2009;12(2):259–77. DavisFD.Perceivedusefulness,perceivedeaseofuse,anduser acceptanceofinformationtechnology.MISQ.1989:319–40. DetweilerJB, BedellBT, SaloveyP, ProninE, RothmanAJ.Message

framingandsunscreenuse:gain-framedmessagesmotivate beach-goers.HealthPsychol.1999;18(2):189.

Emami-NaeiniP, DixonH, AgarwalY, CranorLF.Exploringhow privacyandsecurityfactorintoIoTdevicepurchasebehavior. In:Proceedingsofthe2019CHIConferenceonHumanFactors inComputingSystems.ACM;2019.p.534.

EntmanRM.Framing:towardclarificationofafractured paradigm.J.Commun.1993;43(4):51–8.

GuJC, LeeSC, SuhYH.Determinantsofbehavioralintentionto mobilebanking.ExpertSyst.Appl.2009;36(9):11605–16. HuLT, BentlerPM.Cutoffcriteriaforfitindexesincovariance

structureanalysis:Conventionalcriteriaversusnew alternatives.Struct.Eq.Model.1999;6(1):1–55.

KahnemanD, TverskyA.Prospecttheory:ananalysisofdecision underrisk.Econometrica1979;47(2):363–91.

KühbergerA.Theinfluenceofframingonriskydecisions:A meta-analysis.Organ.Behav.Hum.Decis.Process. 1998;75(1):23–55.

(13)

SalisburyWD, PearsonRA, PearsonAW, MillerDW.Perceived securityandWorldWideWebpurchaseintention.Ind. Manage.DataSyst.2001;101(4):165–77.

SchaubF, BalebakoR, DurityAL, CranorLF.Adesignspacefor effectiveprivacynotices.In:EleventhSymposiumOnUsable PrivacyandSecurity(SOUPS2015);2015.p.1–17.

SchneiderTR, SaloveyP, PallonenU, MundorfN, SmithNF, StewardWT.Visualandauditorymessageframingeffectson tobaccosmoking1.J.Appl.Soc.Psychol.2001;31(4):667–82. SicariS, RizzardiA, GriecoLA, Coen-PorisiniA.Security,privacy

andtrustinInternetofThings:theroadahead.Comput. Netw.2015;76:146–64.

SinghKJ, KapoorDS.Createyourowninternetofthings:asurvey ofIoTplatforms.IEEEConsum.Electron.Mag.2017;6(2):57–68. NickHo-Sam-SooiholdsanMScdegreeinComplexSystems En-gineeringandmanagementwithanITspecializationtrackatthe facultyofTechnology,PolicyandManagementfromDelft Univer-sityofTechnology.Inaddition,hefollowedseveral cybersecurity-relatedcoursesfromthecybersecurityspecializationthatwas or-ganizedincollaborationwiththeUniversityofTwente.Forhis the-sis,heresearchedtheeffectofprivacyandsecurityonIoTdevice

purchaseintent.Aftercompletingthethesisandobtaininghis de-gree,heisnowworkinginthecybersecurityfieldasaconsultant.

WolterPieters isassociateprofessorofcyberriskatDelft Uni-versityofTechnology,FacultyofTechnology,Policyand Manage-ment.HehasMScdegreesincomputerscienceandphilosophyof technology.AfterfinishinghisPhDthesisontheelectronicvoting controversy,hewasinvolvedinseveralprojectsoncybersecurity riskmanagement,whilealsopublishingoncybersecurityethics andhumanfactors.Heorganizedseveralinternationalseminars onemergingtopicsincybersecurity,andwasprogramco-chairof theNewSecurityParadigmsWorkshopin2018and2019.His cur-rentresearchfocusisoncybersecurebehaviourandcybersecurity communication.

MaartenKroesenisassociateprofessorinTravelBehaviour Re-searchattheFacultyofTechnologyPolicyandManagement.He hasa strongtrack record indeveloping and testing novel be-haviouraltheories usingadvanced statisticalmethods.His ap-plicationdomainismostlytransportation,buthehaspublished inmanyotherdomains(ICT,acoustics,psychology,tourismand health).