Blythe, John M., Gray, Alan and Collins, Emily ORCID: https://orcid.org/0000-0001-9607-3113 2020. Human cyber risk management by awareness professionals: carrots or sticks to drive behaviour change? Presented at: 22nd International Conference on Human-Computer Interaction (HCII 2020), Virtual, 19-24 July 2020. Published in: Moallem, Abbas ed. HCI for Cybersecurity, Privacy and Trust: Second International Conference, HCI-CPT 2020, Held as Part of the 22nd HCI International Conference, HCII 2020, Copenhagen, Denmark, July 19–24, 2020, Proceedings. Lecture Notes in Computer Science and Information Systems and Applications, incl. Internet/Web, and HCI Springer, Cham, pp. 76-91. 10.1007/978-3-030-50309-3_6 |
Abstract
Cyber crime is rising at an unprecedented rate. Organisations are spending more than ever combating the human element through training and other interventions, such as simulated phishing. Organisations employ “carrots” (rewards) and “sticks” (sanctions) to reduce risky behaviour. Sanctions (such as locking computers and informing one’s line manager) are problematic as they lead to unintended consequences towards employee trust and productivity. This study explored how organisations use rewards and sanctions both in their campaigns and specifically following simulated phishing. We also assessed what factors (such as control over rewards, tendency to blame users) influenced security awareness professionals’ use of rewards and sanctions. The findings revealed that organisations use a variety of rewards and sanctions within their campaigns, with sanctions being used across 90% of the organisations. We did not find any factors that influence security awareness professionals’ usage of rewards and sanctions. Our findings suggest the need for a greater consideration of the human element of cyber security. In particular, campaigns should take a more informed approach to use of behaviour change strategies that consider the organisational structure in which they are implemented and the role (and influence) of security awareness professionals within that structure.
Item Type: | Conference or Workshop Item (Paper) |
---|---|
Date Type: | Published Online |
Status: | Published |
Schools: | Psychology |
Publisher: | Springer, Cham |
ISBN: | 9783030503086 |
ISSN: | 0302-9743 |
Date of First Compliant Deposit: | 16 October 2020 |
Date of Acceptance: | 11 March 2020 |
Last Modified: | 09 Nov 2022 09:25 |
URI: | https://orca.cardiff.ac.uk/id/eprint/135683 |
Citation Data
Cited 2 times in Scopus. View in Scopus. Powered By Scopus® Data
Actions (repository staff only)
Edit Item |