Quiz Entry - updated: 2026.07.05
Which three factors make up the threat appraisal (Bedrohungseinschätzung) in Protection Motivation Theory?
Perceived vulnerability, perceived severity — and the rewards of NOT protecting yourself.
* The three threat-appraisal factors: perceived vulnerability, perceived severity, and the (subtracted) rewards of unsafe behaviour. *
- Wahrgenommene Vulnerabilität (perceived vulnerability) — "how likely is it to hit me?" Most users believe attackers only target important people — which is why "I'm not interesting enough" is the most common awareness killer.
- Wahrgenommener Schweregrad (perceived severity) — "how bad would it be?" A blocked account feels mild; not so a leaked client database.
- Intrinsische & extrinsische Belohnung — the rewards of the unsafe behavior: convenience, saved time, social approval ("everyone shares passwords here"). High rewards for insecure behavior weaken the threat side.
Why the third factor is the sneaky one: awareness campaigns usually pump vulnerability and severity but ignore that insecure behavior is rewarding — reusing a password costs nothing today and saves effort every day. Reducing that reward (e.g. password managers that make the secure path the convenient one) attacks the appraisal where it's actually decided.
Go deeper:
Protection motivation theory — Wikipedia — Listet die PMT-Faktoren inkl. Vulnerabilität, Schweregrad und Belohnungen.