Investigating the effect of security and privacy on IoT device purchase behaviour
Ho-Sam-Sooi, Nick; Pieters, Wolter; Kroesen, Maarten
DOI
10.1016/j.cose.2020.102132
Publication date
2021
Document Version
Final published version
Published in
Computers and Security
Citation (APA)
Ho-Sam-Sooi, N., Pieters, W., & Kroesen, M. (2021). Investigating the effect of security and privacy on IoT
device purchase behaviour. Computers and Security, 102, [102132].
https://doi.org/10.1016/j.cose.2020.102132
Important note
To cite this publication, please use the final published version (if applicable).
Please check the document version above.
Copyright
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons. Takedown policy
Please contact us and provide details if you believe this document breaches copyrights. We will remove access to the work immediately and investigate your claim.
This work is downloaded from Delft University of Technology.
Available
online
at
www.sciencedirect.com
journalhomepage:www.elsevier.com/locate/cose
Investigating
the
effect
of
security
and
privacy
on
IoT
device
purchase
behaviour
Nick
Ho-Sam-Sooi,
Wolter
Pieters
∗,
Maarten
Kroesen
DelftUniversityofTechnology:FacultyofTechnology,PolicyandManagement,P.O.Box5015,2600GADelft, Netherlands
a
r
t
i
c
l
e
i
n
f
o
Articlehistory: Received8July2020 Revised5November2020 Accepted29November2020 Availableonline3December2020Keywords: Purchasingbehaviour Security Privacy IoT Publicpolicy Choicemodelling
a
b
s
t
r
a
c
t
GiventhesignificantprivacyandsecurityrisksofInternet-of-Things(IoT)devices,itseems desirabletonudgeconsumerstowardsbuyingmoresecuredevicesandtakingprivacyinto accountinthepurchasedecision.Inordertosupportthisgoal,thisstudyexaminesthe ef-fectofsecurityandprivacyonIoTdevicepurchasebehaviourandassesseswhetherthese effectsaresensitivetoframing,usingamixedmethodsapproach.Thefirstpartofthestudy focusesonquantifyingtheeffectofsecurityandprivacycomparedtotheeffectofother de-viceattributessuchaspriceorfunctionality,bytestingacausalmodelwithchoicemodels thathavebeendevelopedfromstatedchoicedata.Thesecondpartaimstorevealthe under-lyingmechanismsthatdeterminetheeffectofprivacyandsecurityonpurchasebehaviour bymeansofaqualitativesurvey.Theresultssuggestthatsecurityandprivacycanstrongly affectpurchasebehaviour,underthecircumstancesthatprivacy-andsecurity-related infor-mationisavailableandcommunicatedinanunderstandablemanner,allowingconsumers tocomparedevices.Moreover,theresultsshowthatadescriptionofsecuritythatfocuses ongainsismoreeffectiveinnudgingconsumerstowardsbuyingsecuredevices.Future ef-fortscouldbuilduponthisstudybycomparingtheeffectofsecurityandprivacytomore deviceattributes,suchaseaseofuseorcostreduction.Theresultscanserveasabasis forinterventionsthatnudgeconsumerstowardsbuyingmoresecureandprivacy-friendly devices.
© 2020TheAuthor(s).PublishedbyElsevierLtd. ThisisanopenaccessarticleundertheCCBY-NC-NDlicense (http://creativecommons.org/licenses/by-nc-nd/4.0/)
1.
Introduction
IntheInternet-of-Things(IoT),physicalobjectsareconnected to a network via internet connectivity to deliver a service to a user (Sicariet al., 2015; Singh and Kapoor, 2017). The marketpenetrationandsocietalacceptanceofIoTdevicesis ever-increasing,asmoreandmoreusecasesforthedevices ariseandtheaffordabilityofthedevicesimproves.Thistrend issupportedbythedevelopmentof5Gnetworktechnology,
∗Correspondingauthor.
E-mailaddress:w.pieters@tudelft.nl(W.Pieters).
whichallowsforlowerlatencyconnectionsandenableslarger volumetraffic,thusvastlyimprovingthequalityofservices providedbyIoTdevices.IoTdevicescanprovidesignificant valuetoconsumersbyenablingnewfunctionalitiesthat im-provetheir quality of life.For example,smartthermostats enableconsumerstoremotelyconfiguretheheatingintheir homeorevenremovetheneedformanualadjustmentoftheir heatingsystemcompletely.
AlthoughtheadoptionofIoTdeviceshassignificant bene-fitsforconsumers,italsointroducessomenotableriskswith
https://doi.org/10.1016/j.cose.2020.102132
0167-4048/© 2020TheAuthor(s).PublishedbyElsevierLtd.ThisisanopenaccessarticleundertheCCBY-NC-NDlicense (http://creativecommons.org/licenses/by-nc-nd/4.0/)
regardtosecurityandprivacy.Inmanycases,IoTdeviceshave inadequatebasicsecuritycontrolssuchasencryptionor au-thenticationschemes.Moreover,manufacturerscollectlarge amountsofhighlysensitivepersonalinformation,suchas en-ergyusedata.Whensuchdataissharedwithexternalthird parties,anintentionalormaliciousinfringementofthedevice owner’sprivacymightoccur.
Consumers– bothindividualandbusinessusers– canplay alargeroleinmitigatingtheserisks,forexampleby purchas-ingsecuredevicesandtakingprivacyintoaccountwhen pur-chasingadevice.Ifconsumersvaluesecurityandprivacy,and areabletodistinguishsecurefrominsecuredevices,theyare willingtopayforaddedsecurity.Manufacturersthenhavean incentivetoimprovethesecurityoftheirproducts,increasing theoverallsecurityintheIoTecosystem.However,both in-dividualconsumersandsmallcompaniesoftendonothave therequiredtechnicalknowledgetoassessthesecuritylevel ofadevice.Moreover,communicationofprivacyinformation isoftenlengthyandoverlycomplex(Schaubetal.,2015).
Therefore, it seems desirable to nudge users towards buying more secure devices and taking their privacy into accountwhenpurchasingthedevices.Governmentalbodies could playanactiverole inreachingthis goal,forexample by designing legislation or standards that describe which securityandprivacyrelatedinformationshouldbe communi-catedtowardsconsumersandhowsuchinformationshould becommunicated.
However, undertaking such initiatives requires detailed and deepinsightsinto thedecision-makingprocessof con-sumerswhenpurchasingIoTdevices.Morespecifically,it is crucialtoknowhow,andtowhatextent,privacyandsecurity influencethechoiceofconsumerstobuyIoTdevices. More-over,thesensitivityoftheseeffectswithregardtopersonal factorsshouldbeinvestigatedtoevaluatewhethertheeffect ofprivacyandsecuritydiffersbetweenvarioussubgroupsof consumers.Finally,framingcanplayarole inthe decision-makingprocess.Toillustratethis,consumersmighttake se-curityandprivacyintoaccountmorestronglywhenreceiving gain-focusedsecurityorprivacyinformation(ratherthan in-formationfocusedonlosses).Forthisreason,thesensitivityof theeffectsofprivacyandsecuritytoframingshouldbe exam-ined.Thisstudyaimstoprovidetheseinsightsbyanswering thefollowingresearchquestion:
“Howdosecurityandprivacyinfluencethechoiceofconsumers tobuyanIoTdevice?Andhowsensitiveistheeffectofsecurity andprivacytoframingandpersonalfactors?”
Forthisstudy,wefocusontheindividualconsumerasend userofIoTdevices,becauseofourinterestintheroleof per-sonalfactors.Thestudytakesamixedmethodsapproach to-wardsansweringtheresearchquestion.Thequantitativepart ofthestudyfocusesonquantifyingtheeffectofprivacyand security on consumer choice behaviourby developing and testingacausalmodelthatdescribestheeffectsofvarious ex-planatoryfactorsonchoicebehaviour.Thisgoalisreachedby constructingchoicemodelsfromdatathatisgatheredfrom astatedchoiceexperiment.Thequalitativepartofthestudy targetstheunderlyingrationalesthatdeterminehowprivacy andsecurityaffectconsumerchoicebehaviourbyasking
con-sumersopenquestionsregardingtheroleofprivacyand se-curityintheirdecisiontobuyornottobuyanIoTdevice.
The remainder of this paper is structured as follows. Firstly, the next section provides a brief overview of the existing body of literature regarding the research topic in order to develop aconceptual model that forms the basis of this study. Section 3 describes the methods that have beenusedtoconducttheanalysis.InSections4and5,the resultsoftheanalysisarepresented.Section6consistsofthe conclusionsthatanswer themainresearch questionofthe study.InSections7–9,theresultsofthestudyarediscussed intermsoftheirimplicationandlimitationsandpossibilities forfurtherresearchareintroduced.
2.
Conceptual model
Currently,theeffectofsecurityandprivacyonthepurchase behaviour of consumershas not been studied extensively. However, studies in the Technology Acceptance Modelling (TAM)fieldhaveinvestigatedhowconsumerperceptionof se-curityandprivacywithregardtoinnovativetechnologies in-fluencestheiracceptance.Thebasisofthisfield,commonly knownasTechnologyAcceptanceModelling(TAM)hasbeen formedbyDavis(1989),whoconcludedthatthereexistclear relationshipsamongeaseofuse,price,usefulnessand accep-tanceofinnovativetechnologies.Davisdefinedacceptanceas theusageofatechnologyorsystembyitsendusers.
Inthefollowingyears,ITresearchershaveextendedthis modelbyaddingperceivedsecurity,riskandtrust-related fac-torsandapplyingittodigitalproducts.Forexample,Guetal., (2009)appliedtheTechnologyAcceptanceModel(TAM)to mo-bile banking. From this study,the authors concluded that trust,easeofuseandtheacceptanceofmobilebankingare closelyinterrelated.Furthermore,astudybySalisburyetal., (2001)evaluated which factors affect the willingness to en-gageinweb-basedshopping.Theresultsofthisstudyshowed thatWebsecurityperceptionplaysalargerolein determin-ingpurchaseintent.Evenmore,ithasastrongereffectthan easeofuseandusefulnessoftechnology.Theauthorsdefined Websecurityperceptionas“theextenttowhichonebelieves thattheWebissecurefortransmittingsensitiveinformation” (Salisburyetal.,2001,p.3).Theirmeasurementofthisconcept didnottakeintoaccountanyframingeffects.Onthecontrary, positiveandnegativeframeswere usedadditivelyto deter-minethesecurityperceptionofrespondents.Inlinewiththis thinking,astudybyCrespoetal.(2009)hasledtothe conclu-sionthatvariousriskfactorssuchassecuritystronglylimit theacceptanceofe-commerce.Theresearchersframed the riskfactorsaspotentiallosses,withoutincludingtheeffectof framingonchoicebehaviour.Generally,thestudiesintheTAM foundthatattributesrelatedtothefunctionality,privacyand securityofdeviceshaveapositiveeffectontheattractiveness ofadevice,whileattributesrelatedtopricehaveanegative ef-fectontheattractivenessofadevice.Therefore,thefollowing hypothesescanbederived:
- H1:ThepriceofanIoTdevice negativelyinfluencesthe probabilitythatthedeviceispurchased.
- H2:Thenumber offunctionalitiesofanIoTdevice pos-itively influencesthe probability that the device is pur-chased.
- H3:ThesecuritylevelofanIoTdevicepositivelyinfluences theprobabilitythatthedeviceispurchased.
TheTAMstudiesdiscussed abovedidnotinclude possi-bleeffectsofframing.Entman(1993,p.2)definedframingas “theselectionofsomeaspectsofaperceivedrealityand mak-ing them moresalientin acommunicatingtext, insucha wayastopromoteaparticularproblemdefinition,causal in-terpretation,moralevaluation,and/ortreatment recommen-dation fortheitem described”.Moreover,according to Ent-man,framesdescribeproblems,diagnosecauses,makemoral judgementsandselectthemostsuitedremedies.Chongand Druckman(2007)provideamorehigh-leveldefinitionof fram-ing,definingtheconceptas“theprocessbywhichpeople de-velopa particularconceptualisationofanissue orreorient theirthinkingaboutanissue”.
Gain/lossframingisoneofthemostprevalentframesin messageframingliterature.Inthegainframe,themessage fo-cusesonthegainsthedecision-makercanacquirewhen opt-ingforacertainalternative.Onthecontrary,thelossframe communicatesthepossiblelossesofanoutcome.According toProspectTheory,peopletendtoberisk-aversewhen be-ingpresentedwithsuregainsandrisk-seekingwhenfacing surelosses(KahnemanandTversky,1979).Thisgoesagainst classicalutilitytheory,inwhichsimilaroutcomesprovidethe same amountofvaluetothedecision-maker.Kahneman& Tverskydevelopedadifferentchoicemodel,inwhichvalueis attainedfromgainsandlossesratherthannetoutcomesand theprobabilitiesintheutilityfunctionarereplacedby deci-sionweights.
Researchers in the medical field have appliedthe con-cept of gain/loss framing in order to assess the effect of gain/lossframingonthechoiceofpatientstooptfora cer-tain treatment.In thesestudies,gain/lossframingwas ap-pliedtothecommunicationoftreatmentinformationto pa-tientswhoface thedecisiontoopt foracertaintreatment.
Armstrongetal.(2002)presentedagroupof451individuals withtreatmentinformation.Theindividualswererandomly divided intothreegroups.Thefirst grouponlyreceivedthe survivalratesofthe treatment,whilethe second group re-ceivedthemortalityratesandthethirdgroupreceivedboth themortalityratesandthesurvivalrates.Uponreceivingthe information,theindividualswereaskedtomakethedecision whethertooptforpreventativesurgery.Theresultssuggested that individualswho receivedthemortalityrateswere less likelytopreferthesurgery.These resultsare clearlyinline withthehypothesesofProspectTheory,asindividualswho arepresentedwiththelossframearerisk-seeking andvice versa.
Manystudiesfollowingasimilarprocedurehavebeen pub-lishedduringtheyears.AstudybyDetweileretal.(1999) con-cluded that beachgoers who receiveda messagewhich fo-cused onthe gainsofusingsunscreen were morelikelyto buyandusesunscreen.Similarly,Schneideretal.(2001) con-cluded that a message describingthe benefitsof stopping hadastrongereffectonthewillingnessofsmokerstostop smokingthanamessagewhichcontainedthenegativeeffects
ofsmoking.Kühberger(1998) conductedameta-analysisof theearlycontributionsinmessageframingliterature.Froma samplesetof136empiricalanalyses,Kühbergercalculateda setof230effectsizes.Theresultswereinlinewiththeoriginal hypothesisofTverskyandKahneman,asmessagesinthegain framegenerallyledtorisk-aversebehaviourandmessagesin thelossframecausedmorerisk-seekingbehaviour.
Studiesinthemessageframingliteraturehaveconcluded that messages which focus on gains are moreeffective in nudgingconsumerstotakepreventivemeasurestomitigate risks.Inthislineofthinking,buyingasecureproductortaking privacyintoaccountcanalsobeseenasapreventivemeasure tomitigatetheriskofcyberthreatsorprivacyinfringements. Therefore,itcanbeexpectedthatmessagesfocusingonthe gainsofbuyingmoresecuredevicesandtakingprivacyinto accountaremoreeffective.Thisleadstothefollowing hypoth-esis.
-H4: Messages that focus on the gains of security and privacyare moreeffectiveinnudging userstopurchase more secure devices and consider privacywhen buying IoTdevices
Thus,aset offour hypotheseshavebeen developed re-gardingtheeffectofprivacyandsecurityonthepurchase be-haviourofconsumers.Thesehypothesesarevisualisedinthe causalmodelinFig.1.
3.
Method
Totest the hypotheses and investigate underlying motiva-tions,we performed both a quantitative and a qualitative study.
3.1. Quantitativestudy:statedchoiceexperiment
The data forthe quantitative study has been collected by meansofastatedchoiceexperiment.Stated choice experi-mentsareespeciallysuitedtoanalysetheeffectofdevice at-tributes,personalfactorsandframingonchoicebehaviour.In thisexperiment,therespondentswerepresentedwithvarious choicesetsconsistingoftwosmartthermostats.Smart ther-mostatshavebeenselectedsinceitcanbeexpectedthatmany respondentshavesomeknowledgeaboutthedevicesdueto theiravailabilityonthemarketandwidespreaduse.The alter-nativesinthechoicesetvariedwithregardtothreeattributes: Price,FunctionalityandSecurity.Privacywasnotincludedas anattributeinordertolimittheneedednumberofchoicesets perrespondent.Inordertoresemblereal-worldpricing,the priceattributevariedonfourlevels:€100,€150,€200,and€250. Thefunctionalityattributewascodedadditively,which im-pliesthatthenumberoffunctionalitiesincreasesasthevalue ofthe functionalityattributeincreases.Thefollowing func-tionalitieswereincludedaspartoftheattributelevels:
1.Remotecontrol(F1):Theuserisabletoremotelyaccessthe device inordertoadjustthe temperature,schedulingor makeuseofotherfunctionalities.
Fig.1– Causalmodel.
2.Geofencing (F2): The geofencing capability ofthe user’s smartphoneisusedtoassesswhethertheusershasleft his/herhouseandadjusttemperaturesaccordingly. 3.Sensing(F3):Thehomeisequippedwithsensors,which
assesswhethertheoccupantsareawake,sleepingor out-sideofthehouse.Thetemperatureisadjustedaccording tothedatacollectedbythesensors.
4.Learning(F4):Theuserinputsbasicscheduleparameters. Thedevicemakesuseofalgorithmsinordertolearnthe scheduleoftheoccupantsandcollectsdatafromsensing todetectchangesinthescheduleandrespondtothem. Thesecuritylevelvariedbetweentwolevels.Moreover,the respondentsinthestatedchoiceexperimentwererandomly dividedintotwogroups.Thedescriptionsofthesecurity at-tributeforbothlevels aredisplayedinTable1.For thefirst group, the securitylevel of the alternatives was framed in termsofgains,whilethedescriptionofthesecuritylevel fo-cusedonlossesforthesecondgroup.
Withtheseattributelevels,anorthogonalfractional facto-rialdesignwasconstructed.Eachrowofthedesigncontainsa profile.Thechoicesetswereconstructedbymeansof sequen-tialconstruction.
Table1– Securitydescription.
Frame Securitydescription
Gain “Thisdeviceis/isnotsecuredproperly” Loss “Thisdevicecan/cannotbehacked”
Perchoiceset,therespondentswereaskedwhetherthey would purchase each individual smart thermostat in the choiceset,giventhattheirthermostathadbrokenandthey werefacedwiththedecisiontobuyanewsmartthermostat. Inaddition,therespondentswereaskedquestions regard-ingasetofdemographicvariables,inordertotestthe repre-sentativityofthecollectedsample.Thefollowing demograph-icswereincludedinthesurvey:Age,gender,educationlevel andworkingsituation.
Finally,thesurveymeasuredasetofindicatorsthatwere expectedtoplayaroleinthechoicebehaviourofconsumers purchasingIoTdevices.Theseindicatorsfunctionasinputfor afactoranalysis,whichaimstodefineasetofpersonal fac-torsfrom theindicators.Thefactorshavebeenconstructed bymeans ofPrincipalAxisFactoring (PAF). Thismethodis
Table2– Indicators.
Nr. Statement
I1 “Ikeepupwithtechnologicaldevelopments”
I2: “Ireadthetechnologysectionwhenreadingnewspapersorvisitingnewswebsites” I3: “IfinditinterestingtofollowthedevelopmentofnewITproducts”
I4: “Innovationisimportantforeconomicdevelopment”
I5: “Investmentsininnovativetechnologiesareimportantforsociety” I6 “IfanewITproducthasbeendeveloped,Iwanttobuythefirstversion” I7: “IpayattentiontothesecurityrisksofmyITdevices”
I8 “WhenpurchasinganITdevice,Iconsiderthesecurityrisksofthedevice” I9: “ThesecurityofmyITdevicesisimportanttome”
I10: “Mypersonalinformationshouldbeprotectedsufficiently”
I11: “Ikeeptrackofwhichinformationiscollectedwhenusingonlineservices” I12: “IamconcernedwiththesecurityrisksofmyITdevices”
I13: “WhenusingITdevices,Iamconcernedwiththeuseofmypersonaldatabyexternalparties” I14: “Whenusingonlineservices,Iamconcernedwiththeuseofmypersonaldatabyexternalparties” I15: “IundertookactiontoimprovethesecurityofmyITdevices”
especiallysuited tomeasurethe valuesofnon-measurable constructssuchasviews,opinionsandbeliefs.Theaxeshave beenrotatedbymeansofobliquerotation,whichallowsfor correlationbetweenfactorsandsimplifiestheinterpretation offactors.
Inordertomeasurethevaluesontheindicators,the re-spondentswereaskedtoevaluatewhethertheyagreedwitha setofstatements.ThestatementsaredisplayedinTable2.
ThesurveywasspreadbyagroupofBScstudentsfromthe facultyofTechnology,Policyand ManagementofDelft Uni-versityofTechnologyaspartofadataanalyticscourse.The studentswereaskedtosharethesurveywithin theirsocial networkandcollect5responsestothesurveyperperson.
3.2. Quantitativestudy:discretechoicemodelling
Fromthecollecteddata,RandomUtilityMaximisation(RUM) based discrete choice models have been developed. These modelsdescribetheprobabilitythatacertaindecision-maker choosesanalternativefromagivensetofalternativeswhich varyonasetofcriteriaorattributes.
More specifically, Multinomial Logit (MNL) models are usedtoassesstheeffectsoftheattributes,personalfactors andframingonchoicebehaviour.MNLmodelsassumethat theerrortermsintheutilityfunctionareindependentlyand identicallydistributedacrossallalternatives,whichimplies thattheyhavethesameprobabilitydistributionandare mu-tuallyindependent.Theutilityofanalternativeiscalculated by thesum ofthe productofthe criteria scores and aset of linear parameters. Thus,the utility iscalculated by the followingformula: U(ai)= m j=1 wj∗E ai,cj +ε (1)
Wherewj isthe parameteror weightofattribute j,E(ai,cj)
representstheexpectedeffectofalternativeionattributej andε isequaltotheerrorterm.
ForMNLmodels,theprobabilitythatanalternativeis cho-senfromasetofalternativesiscalculatedasfollows: P(X=ai)=
eU(ai)
n j=1eU(aj)
(2)
WhereP(X=ai)entailstheprobabilitythatalternative Xis
chosenfromapredefinedchoiceset,U(ai)istheutilityof
al-ternativeiandnisequaltothenumberofalternativesinthe choiceset.
Forthemodelselectionprocess,variousmodelstatistics arecalculatedthatmeasurethequalityofthedeveloped mod-els.Firstly,theLikelihoodRatioTest(LRT)isusedtocompare thequalityoftwomodels.Thestatisticthatrelatestothistest iscalculatedasfollows:
LRS= − 2∗(LLA− LLB) (3)
WhereLLxistheLog-Likelihoodofmodelx.
Secondly,theR-squaredvalueiscalculatedforeachmodel bydividingthevarianceofthedependentvariablethat the modelisabletoexplainbythetotalvarianceofthedependent variable.
Finally,aniterativemodellingprocessisapplied,which im-pliesthatmoreexplanatoryvariablesareaddedtothemodel ineachiterationtoassesswhetheraddingmorevariablesto themodelsignificantlyimprovesthegoodnessoffit.Table3
providesadescription ofthemodels thatare developedin eachiteration.
3.3. Qualitativestudy
Thequalitativestudytookadifferentapproachby conduct-ingan onlinesurveyinwhichthe respondentswere asked openquestions regardingtheirdecision topurchaseornot topurchaseasmartthermostat.Thelinktothesurveywas spread via various socialmediaand within thesocial net-work ofthe researcher.Firstly,the respondentswere asked which factors had influenced their decision to buy or not to buya smart thermostat.Subsequently,the respondents
Table3– Modellingprocess.
ModelNr. Description
1.1 MNL:Deviceattributes
1.2 MNL:Deviceattributes+interactionfactorsandframingwithsecurityattribute
1.3 MNL:Deviceattributes+interactionfactorsandframingwithsecurityandfunctionalityattribute 1.4 MNL:Deviceattributes+interactionfactorsandframingwithsecurity.functionalityandpriceattribute
Table4– Scenarios.
ScenarioNr. Description
1 Thesmartthermostatcollectsdataaboutyourenergyuseandkeepstrackofyourlocation.Acriminalgainsaccessto thisinformationtodeterminetherightmomentforaburglary.
2 Thesmartthermostatcollectsdataaboutyourenergyuseandkeepstrackofyourlocation.Theproducerofyour thermostatcollectsthisdataandmaybeobligatedtoshareitwithexternalparties,suchasinsurersortax authorities.
3 Thesmartthermostatcollectsdataaboutyourenergyuseandkeepstrackofyourlocation.Theproducerofyour thermostatcollectsthisdataandsharesitwithmarketingbureaus,whichuseittodeveloppersonalised advertisements.
4 Acriminalgainsaccesstoyoursmartthermostat,allowinghim/hertocontroltheheatinginyourhouse. 5 Acriminalgainsaccesstoyourhomenetworkviayoursmartthermostat,allowingthecriminaltogainaccessto
personalinformationonthenetwork,suchaspasswordsorbrowsingdata.
6 Yoursmartthermostatispartofalargenetworkofdeviceswhichisbeingusedtoexecutecyber-attacksonlarge organisations.
were triggeredtocontemplate therole ofsecurityand pri-vacyintheirdecisiontobuyornottobuyasmart thermo-stat.Furthermore,therespondentswereshownasetof secu-rityandprivacyrisksdescribedbymeansofhypothetical sce-narios.Thescenarioswereconstructedbasedonknown at-tacks/incidentsfromliterature,anddescribedbasedonthe bowtie framework,i.e.intermsofthreat,event,and conse-quences.Wetriedtocover alargediversityofthreats, inci-dentsandconsequences,whilekeepingthenumberof sce-narioslimited.Anoverviewofthescenariosispresentedin
Table4.Therespondentswereaskedtoratetheseverityof each scenarioand provide amotivation fortheir ratingon a five-point scale. Finally, the respondents were requested to indicate which scenario described the most severe risk intheir opinion.Theresponseshavebeen analysedwitha codingapproachbyidentifyingcommonconceptsandtheir interrelations.
4.
Results quantitative study
4.1. Sample
For the quantitativestudy,the studentscollected adataset containing709respondents.Asubsetof93respondentswho did not provide ananswer tothe questions relatedto the choiceexperimentwereremovedfromthedataset.Moreover, 35responseswerecollectedfromthesameIPaddresswithin adistinctlysmalltimeframe.Theseresponseswereremoved fromthedatasetasitisunlikelyforsuchalargenumberof validresponsestobecollectedwithinasmalltimeframefrom thesameIPaddress.Theresultingsamplesizeusedforthe analysisis581.
4.2. Representativity
Inordertotesttherepresentativityofthecollectedsample, thevaluesofthedemographicalvariablesinthesampleare comparedtothevaluesofthesedemographicalvariablesfor thetargetpopulationofthestudy.Forthispurpose,various Chi-Squaredtestshavebeenexecuted.Theresultsshowthat the age groups 18-24 years and 50-59 years are overrepre-sented.Secondly,thesamplemostlyconsistsofrespondents who haveahigh education level.Finally, the working situ-ation categories“student” and“paid job” arestrongly over-representedinthesample.Theseoverrepresentationscanbe explainedbythe datacollection process.TheBSc students whospreadthesurveymostlikelysharedthesurveywith fel-lowstudents,housemates,siblings,parentsandothermature familymembers.
Theoverrepresentationsinthesamplemightcause under-oroverestimationoftheaveragevaluesofthevariables con-sideredinthe analysisbut arelesslikelytoaffectthe rela-tions betweenfactors,attributes, demographicsand choice behaviour.Inaddition,themainaimofthisresearchisto il-lustratethatcertainrelationsexist.Theoverrepresentations donotlimittheabilityofthedevelopedmodelstoreachthis goal.
4.3. Factoranalysis
Fromthevaluesoftheindicators,personalfactorshavebeen deducedbymeansofPrincipalAxisFactoring.Theresulting factorstructureisdisplayedinTable5.
Thefirstfactorisdefinedbyindicatorsthatrelatetothe attitude ofthe respondentstowardsprivacy/security issues ofITdevices.Thus,thisfirst factorcanbelabelledas “pri-vacy/security awareness”. Thesecond factor relates to the
Table5– Factorloadings.
Nr. Factor1 Factor2 Factor3
I1 - - -I2 .785 I3 .733 I4 -.888 I5 -.830 I6 .536 I7 - - -I8 .556 I9 - - -I10 - - -I11 .534 I12 .755 I13 .897 I14 .833 I15 .407 CA .833 .736 .854 CA=Cronbach’sAlpha
Table6– Modelselection.
Nr. Loglikelihood R2 LRT(criticalvalue)
1.1 5054.914 0.265
-1.2 4580.136 0.297 949.556(9.488) 1.3 4544.435 0.306 71.402(9.488)
1.4 4541.340 0.307 6.19(9.488)
respondent’s interest inthe developmentof technologyas well as their adoption of new technology. Therefore, the secondfactorcanbelabelledas“TechnologyAcceptance”. Fi-nally,thethirdfactorisdeterminedbythetwoindicatorsthat measuretheperceivedimportanceofinnovation.Thetwo in-dicatorsloadnegativelyonthefactor,whichimpliesthatthe indicatorsmeasurethepoleoppositeofthisconstruct. Conse-quently,thisfactorcanbelabelledas“Conservativeness”.The indicatorsthathavebeenremovedfromthefactoranalysis areexcludedfromtheanalysiscompletely,sincetheydonot possessasignificantlydifferentmeaningthanthefactors.
Sincethefactors(andassociateditems)usedinthisstudy were specificallytailored tothecontents ofthisstudy,they were developedin anexploratory manner.Itshould there-forebenotedthat(ideally)thefactorstructurerevealedhere shouldbevalidatedinfuturestudiesfollowingaconfirmatory approach(basedonothersamples).Thatbeingsaid,the reli-abilityscoresforallthreefactors(presentedinthelastrowof
Table5)werefoundtobegood(CronbachAlpha’s>0.70).In addition,the(exploratory)factorstructurewasalsosubjected toaConfirmatoryFactorAnalysis(AMOS25wasusedforthis purpose).Theresultingmodelshowedacceptablemodelfit ac-cordingtoconventionallyusedfitcriteria(χ2=206.6,df=41;
p=0.000,CFI=0.926,SRMR=0.072)(HuandBentler,1999), whichsupportstheconvergentanddiscriminantvalidityof thefactors.Hence,eventhoughthefactorsareestablishedin anexploratoryfashion,thereissufficientevidencethatthey arereliableandcapturedistinctivepsychologicaltendencies thatmaybeassumedtoinfluencechoicebehavioursof con-sumerspurchasingIoTdevices.
Table7– Modelparameters.
Attributes Parameter p Price(∗100euro) 0.656 0.000 Functionality 0.108 0.000 Security 1.041 0.000 Constant 0.771 0.000 Framinginteractions Framing∗Security 0.041 0.000 Framing∗Functionality 0.025 0.264 Framing∗Price -0.025 0.315 Factorinteractions
TechnologyAcceptance∗Security -0.054 0.092
Privacy/SecurityAwareness∗Security 0.162 0.000
Conservativeness∗Security -0.098 0.001
TechnologyAcceptance∗Functionality 0.095 0.000
Privacy/SecurityAwareness∗Functionality -0.126 0.525
Conservativeness∗Functionality -0.037 0.152
TechnologyAcceptance∗Price -0.059 0.045
Privacy/SecurityAwareness∗Price 0.022 0.429
Conservativeness∗Price -0.042 0.132
4.4. Modelselection
Duringthemodellingprocess,variousmodelshavebeen de-velopedandassessedbymeansofthemodelstatisticsthat havebeen discussedinSection 3.Themodelsandtheir re-spectiveR-SquarevalueandLRTaredisplayedinTable6.
AccordingtotheLRTvalues,model1.3providesthebestfit tothedata.However,theLRTvalueofmodel1.4isrelatively closetothecriticalvalueandthemodelcontains anotable interactioneffectofthepriceattributewiththetechnology acceptancefactor.Forthisreason,model1.4isusedtodraw conclusionsintheremainderofthispaper.
4.5. Modelparameters
Theparametersoftheresultingmodel,model1.4frommodel group1,aredisplayedinTable7.Theparametersinthemodels indicatehowstrongacertainattributeinfluencestheutility thatisprovidedtoaconsumerbyasmartthermostatandthe probabilitythatthesmartthermostatispurchased.
Firstly,themodelcontainsthedirecteffectsofthedevice attributeson the utilityofthe alternatives.Thus,three re-spectiveparametershavebeencalculatedforeachofthese attributes;Functionality,Priceand Security.Themodelalso containsaconstantthatdescribestheexpectedvalueor util-ityofasmartthermostatwheneachoftheattributesisset to0.Eachoftheseeffectsisstatisticallyandpractically sig-nificant.Inlinewiththehypotheses,thepriceattributehasa negativeeffectontheexpectedutilityofanalternative.The securitylevelandfunctionalityofanalternativehavea posi-tiveeffectontheutility.Theeffectofsecuritywas exception-allystrongwhencomparedtotheotherdeviceattributes.
Toallowamoreintuitiveinterpretationoftheparameters, willingness-to-paymeasurescanbecalculatedbydividingthe parameters related to functionality and security attributes bythepriceparameter.Thisindicatesthatrespondentsare, onaverage,willingtopay16euroforeachadditional func-tionality (e.g.a thermostatthathas geofencingin addition
toremotecontrol),andapremiumof159euroforasecure thermostat compared to a non-secure thermostat, which is a substantial amount giventhe providedprice range in thermostats(100-250euro).
Turningtothepsychologicalfactors,thetechnology accep-tance factor hassignificant interactions withthe three de-viceattributes.Respondentswithahighscoreonthisfactor arewillingtomakeconcessionsonsecurityandpricein or-dertobuythenewesttechnologythatprovidesthemwith in-novativefunctionalities.Similarly,theprivacy/security aware-nessfactorpositivelymoderatestheeffectofsecurityonthe purchasebehaviour,whichimpliesthatrespondentswhoare moreawareofsecurityandprivacyriskstakesecuritymore stronglyintoaccountwhenpurchasingadevice.Finally,the conservativenessfactornegativelyinteractswiththesecurity attributes.Thisresultsuggeststhatsecuritycontributesless tothevalueofadeviceforrespondentswhodonotvalue in-novation.
Withregardtoframing,theresultsshowthatsecurityhasa strongereffectonthepurchasedecisionforrespondentswho werefacedwiththegainsofbuyingasecuredevice.This find-ingisinlinewiththehypothesisofKahneman&Tversky,who postulatedthatpeoplearemoreriskaversewhenfacedwith possiblegains.
5.
Results qualitative study
5.1. Response
Atotalof27 responseswere providedtothesurveyforthe qualitativestudy.Inthecollectedsample,thehigher educa-tionlevelsarehighlyoverrepresented.
5.2. Purchasedecision
Firstly,therespondentswereaskedtoevaluatewhatfactors playedaroleintheirdecisiontobuyornottobuyasmart ther-mostat.Strikingly,securityor privacywereonlymentioned twiceasamotivation forthe purchasedecision.For device owners, the reasons topurchase a smartthermostat were mainlyfocusedaroundthefunctionalitiesthedeviceprovides, ease ofuseand energycostreductions.With regardtothe decisiontobuyaspecificsmartthermostat,the compatibil-itywithotherdevicessuchastheboiler,voiceassistantsand smarthomedeviceswasmentionedfrequently.
Afterbeingtriggeredtoactivelycontemplatetheroleof se-curityandprivacyintheirpurchasedecision,many respon-dentsareabletoaddresssomehigh-levelprivacyandsecurity relatedconcernsregardingsmartthermostats.
Theresultsshow thattherespondents onlystart think-ingaboutsecurityandprivacyconcernswhenbeingactively triggered toevaluate suchtopics.Without being prompted tothinkaboutprivacyandsecurity,therespondentsfocused mainlyonotherdeviceattributessuchasfunctionalityand easeofuse.
5.3. Riskawareness
15outofthe27respondentsindicatedthattheywereableto mentionsecurityandprivacyrisksofsmartthermostats.The respondentsmostlygavehighleveldescriptionsofsecurity andprivacyrisks,usingcommontermssuchas“hacking” or “datagoingpublic”.Itseemsnotablethattheriskdescriptions oftherespondentsstronglylackanydetailandarenotrelated torealisticthreatscenarios.
5.4. Scenario’s
Theassessmentofscenariosallowsforthegenerationof in-sightsregardingtheriskassessmentoftherespondents.The maingoaloftheanalysisistodeterminetheunderlying fac-torsthatinfluencethis processratherthanquantifying the effects of these factors.For this reason, the focus lies on analysingthemotivationsthattherespondentshaveprovided fortheirratingratherthanquantitativelyassessingthe rat-ingsperscenario.
Firstly,theperception ofthelevel ofsecurity orprivacy relatedtothedeviceisoftenmentionedasamotivationto rateascenario.Somerespondentsratetheseverityofarisk scenarioas“low” becausetheyexpectthatsufficientcontrols havebeenputinplace.For example,respondentsratedthe severityofrisksinprivacy-relatedscenariosas“low” because GDPRhasbeenputinplaceandthisregulationoughttobe suf-ficientprotectionagainstprivacyinfringements.Onthe con-trary,otherrespondentsmentionedthattheyperceived the levelofsecurityandprivacywithregardtoIoTdevicesin gen-eraltobelow.
Secondly,theprobabilityofoccurrenceseemstoplayarole intheriskevaluationprocess oftherespondents.Many re-spondentshaveratedtheseverityofascenariotobelow,as theythoughtthatsuchariskwouldbeveryunlikelytooccur inreallife.Ontheotherside,probabilityofoccurrencewas alsomentionedfrequentlyasamotivationtoratetheseverity ofariskas“high”.
Thirdly,thebenefitsforthethirdpartyarereportedasa motivationfortheassessmentofarisk.Iftherespondentis oftheopinionthatthethreatactorintheriskscenarioisnot abletoachieveanattractivebenefit,therespondentislikely toratetheseverityoftheriskas“low”.
Finally, the respondents often mention the impact of a riskscenario asacrucial factor.Toillustratethis,scenario 5(criminalaccessingpersonalinformation)posedthemost severe risk for many respondents, as this scenario has a further reaching impact than the other scenarios. In this scenario,the scope ofthe impact exceedsthe information thatiscollected,storedandusedwithregardtotheuseofthe smartthermostat.
6.
Conclusions
Thisstudyhasinvestigatedtheeffectofsecurityandprivacy ontheIoTdevicepurchasedecisionofconsumersby answer-ingthefollowingresearchquestion:
Fig.2– Causalmodelwitheffectsizes.
“Howdosecurityandprivacyinfluencethechoiceofconsumers tobuyanIoTdevice?Andhowsensitiveistheeffectofsecurity andprivacytoframingandpersonalfactors?”
Thequantitativepartofthestudytestedasetoffour hy-pothesesregardingtheeffectoftheprice,functionalityand securityofadeviceontheprobabilitythatthedeviceis pur-chased.TheresultingcausalmodelisdisplayedinFig.2.
Inline withourhypotheses,the study revealedthat se-curity hasanotablystrongeffectonthe purchasedecision ofrespondents inastated choiceexperiment.Onthe con-trary,securityandprivacywereonlymentionedonceortwice asamotivationtobuyornottobuyasmartthermostatby therespondentsinthesurveyforthequalitativestudy.The maindifferencebetweenbothstudiesisthattherespondents inthequantitativestudyare triggeredtothink about secu-rity,whilethisisnotthecaseinthequalitativestudy. More-over,therespondentsinthequantitativestudyarepresented withaneasilyunderstandabledescriptionofsecurity,which allowsthemtoeasilycomparealternativesregardingthe se-curitylevel.Itislikelythatthisisnotisnotthecaseinreal worldsituations.
Thesecondpartoftheresearchquestiontargetsthe sensi-tivityoftheeffectofsecurityandprivacytoframingand per-sonalfactors.Regardingframing,theresultsshowthat secu-rityhasastrongereffectforrespondentswhoreceivedagain focuseddescriptionofsecurity.Thisfindingisinlinewiththe hypothesisofProspectTheory,whichpostulatesthatpeople aremoreriskaversewhenfacedwithpossiblegains.
Furthermore,theresultshaveillustratedthatconsumers whoaremoreawareoftheprivacy/securityrisksof(IoT) de-vices,takesecuritymorestronglyintoaccountwhen purchas-ingIoTdevices.Thequalitativestudyalsoinvestigatedtherisk awarenessofconsumers.Theresultsindicatedthatsome con-sumersareabletolistsomeofthesecurityandprivacyrisks ofsmartthermostats.However,thedescriptionsoftheserisks stronglylackdetailandarenotspecificforsmartthermostats. Inaddition,thequalitativestudyexaminedtherisk assess-mentprocessofconsumers.Fromthisanalysis,asetoffactors havebeenderivedthatwerefrequentlymentionedasa mo-tivationtoassesstheseverityofaprivacyorsecurityrelated riskofsmartthermostats.Thefollowingfactorswerefoundto berelevant:Perceivedsecurityandprivacylevel,probabilityof occurrence,thirdpartybenefits,andimpact.
Finally,thequantitativestudyfoundanegativeinteraction effectofthetechnologyacceptancefactorwiththepriceand securityattributesandapositiveinteractioneffectwiththe functionalityattribute.Thissuggeststhatpeoplewhoscore highonthisfactorcanbeseenasthe“firstadopters” of in-novativetechnologiesandaremorewillingtobuylesssecure andmoreexpensiveproductsthatdoprovidethemwithnew functionalitiesandimprovetheirqualityoflife.
To conclude,the study hasfoundthat securityand pri-vacy canhave a strong effect on the purchasedecision of consumers, under the specific circumstances that privacy andsecurityrelatedinformationispresentedtoconsumers and is communicated in an understandable manner that allows for comparison of alternative devices in a simple and timely manner.Theeffect ofsecurityismoderated by the privacy/security awareness,technology acceptanceand conservativeness of consumers. Finally, the results show that securityrelatedinformationthat focusesonthe gains ofsecurityismoreeffectiveinnudgingconsumerstowards buyingmoresecuredevices.
7.
Discussion
Theresultsofthisstudyhaveseveralpracticalimplications. Thisresearch hasshownthat securitydoes affectthe pur-chase behaviour of consumers under the condition that securityorprivacyrelatedinformationispresentedto con-sumersandiscommunicatedinasimpleandunderstandable manner.Thisresultsuggeststhatgovernmentalbodiescould nudgeuserstowardsbuyingmoresecuredevicesandtaking privacyinto accountbyensuringthatsuchcommunication takesplace,allowingfortimely comparisonofdevices with regard tosecurity and privacy.Governmental bodies could work towardsthis goal bydefiningstandards orlegislation thatdescribewhatsecurity-andprivacy-relatedinformation shouldbeprovidedtoconsumersandhowthisinformation should becommunicated.Due tothe immense complexity oftheIoTsecurityandprivacytopic,itisadvisedtoinclude market parties,suchasmanufacturersand retailers,inthe developmentprocessofsuchlegislationorstandards.
Furthermore,the resultsofthe study indicate that con-sumerswhoaremoreawareofprivacyandsecurityrisksare morelikelytoconsidersecurityandprivacywhenpurchasing IoTdevices.Thus,improvingtheriskawarenessofconsumers supportsthegoalofnudginguserstowardsbuyingmore se-curedevicesandtakingtheirprivacyintoaccountwhen pur-chasingdevices.Inordertoreachthisgoal,governmental bod-iescouldinitiateawarenessprogramsthatspecificallyfocus oncommunicatingsecurityandprivacyrisksofIoTdevicesto consumers.Insomecountries,suchprogramshavebeen ini-tiatedbygovernmentalbodies.Forexample,theDutch gov-ernmenthaslaunchedasecurityawarenesscampaign specif-icallytargetedatnudgingconsumerstowardsupdating soft-wareinatimelymanner.Theresultsofthequalitativestudy haveidentifiedfourpotentialfactorsthatcouldformthe ba-sisofsuchefforts:perceivedsecurityandprivacy,probability ofoccurrence,thirdpartybenefitsandimpact.Finally,the re-sultssuggestedthatthefirstadoptersofinnovative
technolo-giescanbeidentifiedasapotentialfocusgroupforawareness campaigns.
Intermsofscientificimplications,this studyshowsthat statedchoiceexperimentscanbeusedasamethodto esti-mateframingeffects.Incurrentstudies,framingeffectsare oftenevaluatedbypresentingresearchsubjectswithasingle choicetask.Bymeansofstatedchoiceexperiments,the stan-darderrorsoftheresultingparametersarelowered,thus im-provingthevalidityofthedevelopedmodels.Additionally,the methodallowsresearcherstocomparetheeffectsofvarious attributesonchoicebehaviour.
Inaddition,thestudycontributestotheTAMfieldby eval-uatingtheeffectofvarious explanatoryfactorsonthe pur-chasedecisionofconsumers.Thestudydiffersfromthe stud-iesintheTAMfieldwithregardtothedependentvariablein itscausal model.ThedependentvariableinTAMstudiesis theacceptanceoftechnologies,whilethechoiceforaspecific devicefunctionsasthedependentvariableinthisstudy.The measurementofthedependentvariablealsodiffersfrom ex-istingstudies.Inthisstudy,astatedchoiceexperimentisused tomeasurethechoicesratherthanobservingtheoutcomeof asinglechoicetask.
8.
Limitations
The quantitativestudy has observed stated choices rather thanchoicesinreal-worldsituations.Itcanbearguedthatthis limitsthevalidityofthedevelopedmodels,aspeoplemight exhibitsignificantlydifferentchoicebehaviourinthesetting ofastatedchoiceexperiment.Forexample,theeffectof se-curitymightbelowerinthecaseofreal-worldpurchasesdue tothelimitedavailabilityofsecurityrelatedinformation.This mighthaveledtoanoverestimationoftheeffectofsecurity inthisstudy.
Inreal-worldchoicesituationsrespondentsmay (wrong-fully)assumethatIoTproductshavebuilt-insecurity. How-ever,theonlywaytogetasenseofhowmuchpeopleare will-ingtopayforthisisbyexperimentallyvaryingasecurity at-tribute,therebyalsotriggeringrespondentstopayattentionto itinthefirstplace.ItmaybespeculatedthatwhenIoT prod-uctsbecomemorecommon,peoplewillalsogainexperiences withpossiblesecurityrisksand/oractualsecuritybreaches, whichwilllikelymakeconsumerssensitivetothisattribute infuturepurchases.
Moreover,thealternativesinthestatedchoiceexperiment variedonasmallsetofthreeattributes.Itcanbeexpectedthat otherdeviceattributes,suchaseaseofuseorcompatibility withotherdevices,alsohaveastrongeffectonthepurchase behaviourofconsumers.
Limitationscanalsoarisefromthespecificcodingofthe deviceattributes.Inthiscase,theoperationalisationofthe se-curityattributehasitsdrawbacks.Thesecurityattributehas beenvariedontwolevels.Itispossiblethatthiscodinghas ledtoanoverestimationoftheeffectofsecurityonthechoice behaviour,asitseemssensiblethatmostrespondentswould notpurchaseadevicethat“isnotsecuredproperly” or“canbe hacked”.
Fourthly,itisquestionable whethersecurityandprivacy canbeframedasapuregain.Toillustratethis,thesecurity
attributewasframedas“thisdevice is/isnotsecured prop-erly”.Theterm“secured” stillsuggeststhatthereexistssome externalthreat.Thisexternalthreatcanbeseenaspotential loss.However,theterm“securing” seemsamorepositiveterm than“hacking” fromasemanticpointofview.
MNLmodelshavebeendevelopedtoassesstheeffectof securityonchoicebehaviourinthequantitativestudy.MNL modelsassumethattheerrortermsintheutilityfunctionare independentandidenticallydistributed(i.i.d.).Ifthis assump-tionisincorrect,thiscanresultinbiasedparameterestimates. Forthequalitativestudy,asurveywasusedtorevealthe underlying rationales that determine how security affects thechoicebehaviourofconsumers.Asurveyallowsforthe generation of responses in a timely and costless manner. However, using a survey for this goal has its limitations. Whenusingasurvey,theresearcherisnotabletoaskfollow up questions when needed. An interactive survey design was appliedthat askedthe respondentsformorein-depth answers inordertodealwiththis limitation.Also,because of the overrepresentation of higher education levels, the resultsofthequalitativestudycannotbegeneralisedtothe populationatlarge.However,theresultsstillprovideinsight inpossiblemechanismsthatexplaintheroleofsecurityand privacyinpurchasedecisions.
9.
Further research
In parallel to the study described here, Emami-Naeini et al. (2019) researched how privacy and security factorintoIoTdevicepurchasebehaviourbyconductingaset of24semi-structuredinterviews andspreadingafollowup survey towhich 200participants provideda response.The respondents were askedtorank certain factors theywould takeintoconsiderationwhenpurchasingIoTdevices.Security wasrankedtheasthethirdmostimportantfactor,afterprice andfeatures.Bycontrast,purchasechoicesfordevicesthat vary on theseattributesare observedin thepresent study, withtheimportanceofthefeaturesderivedfromthechoice models.Thisconfirmsthatdifferentapproachesyield differ-entinformationregardingpurchasebehaviourandassociated preferences,whichwealsosawinthe differencesbetween ourquantitativeandqualitativestudy.
Moreresearchisneededtofurtheraddresstheidentified knowledgegaps.Firstly,thisstudy onlyinvestigated the ef-fectofalimitedsetofthreedeviceattributes.Privacywasnot includedasadeviceattributeinthisstudy.Inordertoassess whethersimilarconclusionsholdforprivacyandcomparethe effectsofsecurityandprivacytootherdeviceattributes, fu-tureresearchcouldbuilduponthisstudybyincludingprivacy andotherdeviceattributes.
Secondly, the security attribute was coded as a binary variable,whichmighthaveledtothe overestimationofthe effect of security on the purchase decision of consumers. Futureresearchcouldevaluatehowotheroperationalisations of security affect choice behaviour in order to determine whatoperationalisationismostsuitedtonudgeconsumers towardsbuyingmoresecuredevices.
Thirdly,thisstudyhasobservedstatedchoicesratherthan real-worldchoices.Furtherresearchcoulduserevealedchoice
dataas an inputforthe development ofchoicemodels to assess whether real-worldchoice behaviour resembles the choicebehaviourinastatedchoiceexperiment.Forexample, activityonwebshopscouldbemonitoredtocollectdata re-gardingthepurchasebehaviourofconsumers.
Finally,futureresearchcouldtargetotherstakeholdersthat buyIoTdevices,notablybusiness users.Withinthis group, adistinctioncanbemadebetweensmallcompanies,which typicallydonothavesecurityspecialists,andlarge compa-nies,wherethesecuritydepartmentmaybeinvolvedinthe purchase.Therefore, onewould expect purchase decisions insmall companies tobe similar toindividual consumers, whereasdecisionsinlargecompaniesmaybelesssensitive toadditionalsecurityexplanations.
Declaration of Competing Interest
Theauthorsdeclarethattheyhavenoknowncompeting fi-nancialinterestsorpersonalrelationshipsthatcouldhave ap-pearedtoinfluencetheworkreportedinthispaper.
CRediT authorship contribution statement
NickHo-Sam-Sooi:Conceptualization,Methodology, Inves-tigation,Writing -original draft.Wolter Pieters: Methodol-ogy,Supervision,Writing-review&editing.MaartenKroesen:
Methodology,Supervision,Writing-review&editing.
R E F E R E N C E S
ArmstrongK, SchwartzJS, FitzgeraldG, PuttM, UbelPA.Effectof framingasgainversuslossonunderstandingand
hypotheticaltreatmentchoices:survivalandmortalitycurves. Med.Decis.Making2002;22(1):76–83.
ChongD, DruckmanJN.Framingtheory.Annu.Rev.Polit.Sci. 2007;10:103–26.
CrespoAH, delBosqueIR, delosSalmonesSánchezMG.The influenceofperceivedriskonInternetshoppingbehavior:a multidimensionalperspective.J.RiskRes.2009;12(2):259–77. DavisFD.Perceivedusefulness,perceivedeaseofuse,anduser acceptanceofinformationtechnology.MISQ.1989:319–40. DetweilerJB, BedellBT, SaloveyP, ProninE, RothmanAJ.Message
framingandsunscreenuse:gain-framedmessagesmotivate beach-goers.HealthPsychol.1999;18(2):189.
Emami-NaeiniP, DixonH, AgarwalY, CranorLF.Exploringhow privacyandsecurityfactorintoIoTdevicepurchasebehavior. In:Proceedingsofthe2019CHIConferenceonHumanFactors inComputingSystems.ACM;2019.p.534.
EntmanRM.Framing:towardclarificationofafractured paradigm.J.Commun.1993;43(4):51–8.
GuJC, LeeSC, SuhYH.Determinantsofbehavioralintentionto mobilebanking.ExpertSyst.Appl.2009;36(9):11605–16. HuLT, BentlerPM.Cutoffcriteriaforfitindexesincovariance
structureanalysis:Conventionalcriteriaversusnew alternatives.Struct.Eq.Model.1999;6(1):1–55.
KahnemanD, TverskyA.Prospecttheory:ananalysisofdecision underrisk.Econometrica1979;47(2):363–91.
KühbergerA.Theinfluenceofframingonriskydecisions:A meta-analysis.Organ.Behav.Hum.Decis.Process. 1998;75(1):23–55.
SalisburyWD, PearsonRA, PearsonAW, MillerDW.Perceived securityandWorldWideWebpurchaseintention.Ind. Manage.DataSyst.2001;101(4):165–77.
SchaubF, BalebakoR, DurityAL, CranorLF.Adesignspacefor effectiveprivacynotices.In:EleventhSymposiumOnUsable PrivacyandSecurity(SOUPS2015);2015.p.1–17.
SchneiderTR, SaloveyP, PallonenU, MundorfN, SmithNF, StewardWT.Visualandauditorymessageframingeffectson tobaccosmoking1.J.Appl.Soc.Psychol.2001;31(4):667–82. SicariS, RizzardiA, GriecoLA, Coen-PorisiniA.Security,privacy
andtrustinInternetofThings:theroadahead.Comput. Netw.2015;76:146–64.
SinghKJ, KapoorDS.Createyourowninternetofthings:asurvey ofIoTplatforms.IEEEConsum.Electron.Mag.2017;6(2):57–68. NickHo-Sam-SooiholdsanMScdegreeinComplexSystems En-gineeringandmanagementwithanITspecializationtrackatthe facultyofTechnology,PolicyandManagementfromDelft Univer-sityofTechnology.Inaddition,hefollowedseveral cybersecurity-relatedcoursesfromthecybersecurityspecializationthatwas or-ganizedincollaborationwiththeUniversityofTwente.Forhis the-sis,heresearchedtheeffectofprivacyandsecurityonIoTdevice
purchaseintent.Aftercompletingthethesisandobtaininghis de-gree,heisnowworkinginthecybersecurityfieldasaconsultant.
WolterPieters isassociateprofessorofcyberriskatDelft Uni-versityofTechnology,FacultyofTechnology,Policyand Manage-ment.HehasMScdegreesincomputerscienceandphilosophyof technology.AfterfinishinghisPhDthesisontheelectronicvoting controversy,hewasinvolvedinseveralprojectsoncybersecurity riskmanagement,whilealsopublishingoncybersecurityethics andhumanfactors.Heorganizedseveralinternationalseminars onemergingtopicsincybersecurity,andwasprogramco-chairof theNewSecurityParadigmsWorkshopin2018and2019.His cur-rentresearchfocusisoncybersecurebehaviourandcybersecurity communication.
MaartenKroesenisassociateprofessorinTravelBehaviour Re-searchattheFacultyofTechnologyPolicyandManagement.He hasa strongtrack record indeveloping and testing novel be-haviouraltheories usingadvanced statisticalmethods.His ap-plicationdomainismostlytransportation,buthehaspublished inmanyotherdomains(ICT,acoustics,psychology,tourismand health).