Increasingly sophisticated cyberattacks often systematically target organizational insiders. Their motivation for self-protection has therefore an important role in cybersecurity of organizations. Protection motivation studies in information security literature are largely based on the protection motivation theory (PMT) without proper adaptation to the organizational context. Additionally, only few studies consider the role of fear in protection motivation although PMT itself is based on fear appeals. This paper aims to revise PMT to better fit the organizational context of organizational insiders. A survey was conducted among academics (N = 255) at six Slovenian universities to reexamine threat appraisals of organizational insiders, and the mediating and moderating roles of fear of cyberattacks in protection motivation. CB-SEM analysis of survey data supports the distinction between appraisals of threats to the individual and to the organization. It also supports differentiating between perceived threats and fear of cyberattacks. Although we did not find support for the mediating role of fear of cyberattacks, perceived threats may mediate the association between perceived severity and vulnerability, and protection motivation. Only perceived vulnerability of the individual and perceived severity of consequences for the organization affect perceived threats. Perceived threats and measure efficacy influence protection motivation. Fear of cyberattacks dampens the positive relationship between self-efficacy and protection motivation. Self-efficacy influences protection motivation only when fear of cyberattacks is low. Interventions aiming to increase protection motivation need to focus on raising the perceived vulnerability of individuals, emphasizing the consequences for the organization, and increasing the efficacy of self-protective measures. Interventions aiming to improve self-efficacy may be effective only when there is low fear of cyberattacks and can be avoided when high fear of cyberattacks is expected.

越来越复杂的网络攻击通常系统地针对组织内部人员。因此，他们自我保护的动机在组织的网络安全中具有重要作用。信息安全文献中的保护动机研究很大程度上基于保护动机理论（PMT），而没有适当地适应组织环境。此外，尽管PMT本身基于恐惧诉求，但很少有研究考虑恐惧在保护动机中的作用。本文旨在修订PMT，以更好地适应组织内部人的组织环境。在学者中进行了调查（N = 255）在斯洛文尼亚的六所大学重新审查组织内部人员的威胁评估，以及对网络攻击的恐惧在保护动机中的中介作用和调节作用。CB-SEM对调查数据的分析支持了对个人和组织的威胁评估之间的区别。它还支持区分感知到的威胁和对网络攻击的恐惧。尽管我们没有找到对担心网络攻击的中介作用的支持，但感知到的威胁可能会介导感知到的严重性和脆弱性与保护动机之间的关联。只有感知到的个人脆弱性和感知到的对组织后果的严重性才会影响感知到的威胁。感知到的威胁和衡量功效会影响保护动机。对网络攻击的恐惧削弱了自我效能与保护动机之间的积极关系。自我效能只有在对网络攻击的恐惧感很低的情况下才会影响保护动机。旨在增加保护动机的干预措施应着重于提高个人的感知脆弱性，强调对组织的后果以及提高自我保护措施的效力。旨在提高自我效能的干预措施只有在对网络攻击的恐惧较小的情况下才有效，而在预期对网络攻击的恐惧程度较高的情况下，则可以避免。强调对组织的后果，并提高自我保护措施的效力。旨在提高自我效能的干预措施只有在对网络攻击的恐惧较小的情况下才有效，而在预期对网络攻击的恐惧程度较高的情况下，则可以避免。强调对组织的后果，并提高自我保护措施的效力。旨在提高自我效能的干预措施只有在对网络攻击的恐惧较小的情况下才有效，而在预期对网络攻击的恐惧程度较高的情况下，则可以避免。