Select Page

Research Library

The world’s first globally accessible archive of research into the human aspect of cybersecurity and behavioral science as applied to cybersecurity awareness and online behavioral change.

See the latest studies from pioneering academics below, or explore SebDB, the world’s security behavior database, at sebdb.com

Do one more thing right today. Subscribe to the Behave Newsletter

Filter results by

Clear all filters

Selected filters

The Behavior Grid: 35 ways behavior can change

This paper presents a new way of categorizing behavior change in a framework called the Behavior Grid. This preliminary work shows 35 types of behavior along two categorical dimensions. To demonstrate the analytical potential for the Behavior Grid, this paper maps behavior goals from Facebook onto the framework, revealing potential patterns of intent. To show...

Employee behavior: the psychological gateway for cyberattacks

Purpose – Cyberattacks have become a major threat to small and medium-sized enterprises. Their prevention efforts often prioritize technical solutions over human factors, despite humans posing the greatest risk. This article highlights the importance of developing tailored behavioral interventions. Through qualitative interviews, we identified three persona types with different psychological biases that increase the risk...

Leveraging situational judgment tests to measure behavioral information security

Situational Judgement Tests (SJTs) are a multidimensional measurement method commonly used in the context of employment decisions and widely researched in the field of industrial and organizational (I-O) psychology. However, the use of SJTs in the field of information system (IS) security is limited. Applying SJT research from the field of I-O psychology to IS...

Emotional cost of cyber crime and cybersecurity protection motivation behaviour: A systematic literature review

The impact of a cyberattack on an organisation is multifaceted, at the employee level, cyber threat is a sensitive issue which needs further understanding. Founded in psychology research, emotions affect protection motivation behaviours at the individual level in the context of cybersecurity. The majority of the research studies focus on how external factors affect employees'...

Development of a new ‘human cyber-resilience scale’

While there has been an upsurge in interest in cyber resilience in organizations, we know little about the resilience of individuals to cyber attacks. Cyber resilience in a domestic or non-work setting is important because we know that the majority of people will face cyber threats in their use of technology across a range of...

What drives generation Z to behave security compliant? An extended analysis using the theory of planned behaviour

Cyber security remains a relevant topic for organisations. While companies invest in expensive security tools security awareness training often is neglected, even though human error still accounts for a large part of cyber incidents (Gartner, 2022). At the same time there is currently an important generational shift, as Generation Z (Gen Z) is starting to...

Bottom-up psychosocial interventions for interdependent privacy: Effectiveness based on individual and content differences

Although a great deal of research has examined interventions to help users protect their own information online, less work has examined methods for reducing interdependent privacy (IDP) violations on social media (i.e., sharing of other people's information). This study tested the effectiveness of concept-based (i.e., general information), fact-based (i.e., statistics), and narrative-based (i.e., stories) educational...

Developing metrics to assess the effectiveness of cybersecurity awareness program

Cybersecurity awareness (CSA) is not just about knowing, but also transforming things learned into practice. It is a continuous process that needs to be adjusted in subsequent iterations to improve its usability as well as sustainability. This is possible only if a CSA program is reviewed and evaluated timely. Review and evaluation of an awareness...

Online safety awareness and human factors: An application of the theory of human ecology

Efforts have been made on large and small scales to reduce cybersecurity threats around the world, including in Malaysia. However, scholars have argued that, in spite of the technological preparations countries can take to shield themselves from attack, human factors may be the key reason behind increasing breaches in cybersafety in recent years. In this...

From awareness to influence: toward a model for improving employees’ security behaviour

This paper argues that a conventional approach to cybersecurity awareness is not effective in influencing employees and creating sustainable behaviour change. The increase in security incidents caused by employees is evidence that providing information to raise employees’ awareness does not necessarily result in improving their security behaviour, and organisations must transform their security awareness program...

Does psychological distance and religiosity influence fraudulent customer behaviour?

This study delves into the motivations behind fraudulent customer behavior on eBay, a phenomenon that imposes significant financial losses on online businesses. To investigate this issue, a conceptual framework is developed, extending the Theory of Planned Behavior with factors such as religiosity, social detection risk, ethical judgment, and the moderating influence of perceived psychological distance....

Investigating cyber security factors influencing the perception behavioral intention of small and medium enterprise

This study investigates the perception of cyber security among MSMEs, particularly those new to technology, utilizing the Protection Motivation Theory (PMT) model. Data is gathered through surveys and analyzed quantitatively using Smart-PLS software. Several variables are examined for their impact on Protective Behavioral Intention. The findings reveal that Perceived Severity (PS) and Self-Efficacy (SE) significantly...

Understanding nonmalicious security violations in the workplace: A composite behavior model

End users are said to be "the weakest link" in information systems (IS) security management in the workplace. They often knowingly engage in certain insecure uses of IS and violate security policies without malicious intentions. Few studies, however, have examined end user motivation to engage in such behavior. To fill this research gap, in the...

Three domains of learning – Cognitive, affective, psychomotor

The distinguished expert in education and learning discusses the hierarchies of the three domains of learning. After discussing the different stages of cognivite learning, Owen Wilson discuess emotional learning and physical learning. The piece breaks each area of learning down into building blocks that, when applied, may be used to further a student or pupil's...

Determining employee awareness using the human aspects of information security questionnaire (HAIS-Q)

This paper delves into the realm of Cyber Security Awareness Campaigns, with a specific focus on identifying critical factors that may hinder their effectiveness in driving behavioral change. Despite past and ongoing efforts to enhance information security practices and foster a secure society, the desired impact has often remained elusive. Therefore, it is essential to...

EAST: Four simple ways to apply behavioural insights

Following extensive engagement with policy makers through lectures, seminars, workshops, and discussions, the UK government's Behavioral Insights Team has distilled years of insights into a simplified framework designed to promote behavioral change. According to their approach, to facilitate the adoption of a new behavior, it should align with the following principles, conveniently summarized as "EAST":...

The effects of multilevel sanctions on information security violations: A mediating model

We proposed and empirically tested a mediating model for examining the effects of multilevel sanctions on preventing information security violations in the workplace. The results of the experiment suggested that personal self-sanctions and workgroup sanctions have significant deterrent effects on employee security violations, but that the effect of organizational sanctions becomes insignificant when the other...