Select Page

Research Library

The world’s first globally accessible archive of research into the human aspect of cybersecurity and behavioral science as applied to cybersecurity awareness and online behavioral change.

To see the latest studies from pioneering academics, scroll down.

Do one more thing right today. Subscribe to the Behave Newsletter

Filter results by

Clear all filters

Selected filters

Nothing ventured, nothing gained. Profiles of online activity, cyber-crime exposure, and security measures of end-users in European Union

We use large-scale survey data from the Eurobarometer 77.2/2012 to explore variability in online activity, cyber-crime exposure, and security measures of end-users in European Union (EU27). While cyber-security is a high-priority activity for security experts and researchers, end-users conduct it in the context of their daily lives, as a socially accountable and resource-limited activity. We...

How to deal with individuals who repeatedly fail phishing simulations

In most companies, a small percentage of employees repeatedly fail phishing simulations. These “repeat responders” should be addressed through frequent phishing exercises to build muscle memory in identifying a phish. The cybersecurity team should work to identify what other resources are needed to reduce the tendency for repeat responders, i.e., identify process or technology updates...

Investigation of human weaknesses in organizational cybersecurity: A meta-analytic approach

The rapid proliferation of digital technology and the increasing reliance on digital systems have made cybersecurity a critical concern for organizations and individuals worldwide. While technical solutions have been the primary focus in addressing cybersecurity threats, the human element has often been overlooked, despite evidence suggesting that human behavior is a significant contributor to cybersecurity...

Bottom-up psychosocial interventions for interdependent privacy: Effectiveness based on individual and content differences

Although a great deal of research has examined interventions to help users protect their own information online, less work has examined methods for reducing interdependent privacy (IDP) violations on social media (i.e., sharing of other people's information). This study tested the effectiveness of concept-based (i.e., general information), fact-based (i.e., statistics), and narrative-based (i.e., stories) educational...

Developing metrics to assess the effectiveness of cybersecurity awareness program

Cybersecurity awareness (CSA) is not just about knowing, but also transforming things learned into practice. It is a continuous process that needs to be adjusted in subsequent iterations to improve its usability as well as sustainability. This is possible only if a CSA program is reviewed and evaluated timely. Review and evaluation of an awareness...

SCENE: A structured means for creating and evaluating behavioral nudges in a cyber security environment

Behavior-change interventions are common in some areas of human-computer interaction, but rare in the domain of cybersecurity. This paper introduces a structured approach to working with organisations in order to develop such behavioral interventions or ‘nudges’. This approach uses elements of co-creation together with a set of prompts from the behavior change literature (MINDSPACE) that...

The nudge puzzle: Matching nudge interventions to cybersecurity decisions

Nudging is a promising approach, in terms of influencing people to make advisable choices in a range of domains, including cybersecurity. However, the processes underlying the concept and the nudge’s effectiveness in different contexts, and in the long term, are still poorly understood. Our research thus first reviewed the nudge concept and differentiated it from...

Toward sustainable behaviour change: An approach for cyber security education training and awareness

Effective information security education, training and awareness (SETA) is essential for protecting organisational information resources. Whilst most organisations invest significantly in implementing SETA programs, the number of incidents resulting from employee noncompliance with security policy are increasing. This trend may indicate that many current SETA programs are not as effective as they should be. We...

Cyber security awareness campaigns: Why do they fail to change behaviour?

The present paper focuses on Cyber Security Awareness Campaigns, and aims to identify key factors regarding security which may lead them to failing to appropriately change people’s behaviour. Past and current efforts to improve information-security practices and promote a sustainable society have not had the desired impact. It is important therefore to critically reflect on...

Cybersecurity risk management in small and medium-sized enterprises; A systematic review of recent evidence

Small and medium-sized enterprises (SMEs) have been encouraged to take advantage of any possible business opportunities by utilizing and adopting new-technologies such as cloud computing services, there is a huge misunderstanding of their cyber threats from the management perspective. Underestimation of cybersecurity threats by SMEs leads to an increase in their vulnerabilities and risks, which...

Rebooting IT security awareness – How organisations can encourage and sustain secure behaviours

Most organisations are using online security awareness training and simulated phishing attacks to encourage their employees to behave securely. Buying off-the-shelf training packages and making it mandatory for all employees to complete them is easy, and satisfies most regulatory and audit requirements, but does not lead to secure behaviour becoming a routine. In this paper,...

A systematic review of current cybersecurity training methods

Cybersecurity continues to be a growing issue, with cyberattacks causing financial losses and loss of productivity and reputation. Especially in an organisational setting, end-user behaviour plays an essential role in achieving a high level of cybersecurity. One way to improve end-user cybersecurity behaviour is through comprehensive training programmes.There are many contradictory statements and findings with...

What influences employees to follow security policies?

Incorporating the Value of Congruence Model (VC), the Theory of Planned Behavior Model (TPB), and Security-Conscious Care Behavior, this study demonstrates that cybersecurity behavior can be effectively influenced through straightforward and cost-efficient measures. Such an approach offers substantial advantages to companies seeking to protect their assets. By analyzing data from 193 respondents, the research underscores...

Avoid being a victim of social engineering attack during the COVID-19 pandemic

This article delves into the impact of the COVID-19 pandemic on the proliferation of social technology attacks. It discusses the implications of these emerging threats and offers strategies for addressing them. By examining various known threats associated with coronaviruses, this report provides valuable insights and recommendations for entities and enterprises. Furthermore, the study explores the...

Mindfulness and cybersecurity behavior: A comparative analysis of rational and intuitive cybersecurity decisions

Despite substantial investments in technological solutions to bolster cybersecurity, human factors, such as employees falling for phishing attacks, remain a significant vulnerability that can undermine even the most advanced security systems. Drawing upon dual-process theories of cognition, this study posits that a brief mindfulness practice may mitigate automatic responses to phishing attempts by improving rational...

How to launch a behavior-change revolution

A team spear-headed by University of Pennsylvania researchers have launched an ambitious research project called Behavior Change for Good. The project will attempt to determine the best behavioural-change practices in three areas: health, education and personal finance. It will test many ideas with the ultimate aim of uncovering how best to change human behaviour.  

Behavioural insights in public health England

The public health behavioural insights team offer a general introduction to behavioural economics, show how theories have been successfully applied to the public health sector and present a framework for designing behavioural change interventions.  

ABC of behaviour change theories

83 theories of behaviour change that could be used to design behaviour change interventions are discussed in detail.