Select Page

Research Library

The world’s first globally accessible archive of research into the human aspect of cybersecurity and behavioral science as applied to cybersecurity awareness and online behavioral change.

To see the latest studies from pioneering academics, scroll down.

Do one more thing right today. Subscribe to the Behave Newsletter

Filter results by

Clear all filters

Selected filters

Emotional cost of cyber crime and cybersecurity protection motivation behaviour: A systematic literature review

The impact of a cyberattack on an organisation is multifaceted, at the employee level, cyber threat is a sensitive issue which needs further understanding. Founded in psychology research, emotions affect protection motivation behaviours at the individual level in the context of cybersecurity. The majority of the research studies focus on how external factors affect employees'...

Development of a new ‘human cyber-resilience scale’

While there has been an upsurge in interest in cyber resilience in organizations, we know little about the resilience of individuals to cyber attacks. Cyber resilience in a domestic or non-work setting is important because we know that the majority of people will face cyber threats in their use of technology across a range of...

What drives generation Z to behave security compliant? An extended analysis using the theory of planned behaviour

Cyber security remains a relevant topic for organisations. While companies invest in expensive security tools security awareness training often is neglected, even though human error still accounts for a large part of cyber incidents (Gartner, 2022). At the same time there is currently an important generational shift, as Generation Z (Gen Z) is starting to...

Bottom-up psychosocial interventions for interdependent privacy: Effectiveness based on individual and content differences

Although a great deal of research has examined interventions to help users protect their own information online, less work has examined methods for reducing interdependent privacy (IDP) violations on social media (i.e., sharing of other people's information). This study tested the effectiveness of concept-based (i.e., general information), fact-based (i.e., statistics), and narrative-based (i.e., stories) educational...

Developing metrics to assess the effectiveness of cybersecurity awareness program

Cybersecurity awareness (CSA) is not just about knowing, but also transforming things learned into practice. It is a continuous process that needs to be adjusted in subsequent iterations to improve its usability as well as sustainability. This is possible only if a CSA program is reviewed and evaluated timely. Review and evaluation of an awareness...

Online safety awareness and human factors: An application of the theory of human ecology

Efforts have been made on large and small scales to reduce cybersecurity threats around the world, including in Malaysia. However, scholars have argued that, in spite of the technological preparations countries can take to shield themselves from attack, human factors may be the key reason behind increasing breaches in cybersafety in recent years. In this...

From awareness to influence: toward a model for improving employees’ security behaviour

This paper argues that a conventional approach to cybersecurity awareness is not effective in influencing employees and creating sustainable behaviour change. The increase in security incidents caused by employees is evidence that providing information to raise employees’ awareness does not necessarily result in improving their security behaviour, and organisations must transform their security awareness program...

Does psychological distance and religiosity influence fraudulent customer behaviour?

This study delves into the motivations behind fraudulent customer behavior on eBay, a phenomenon that imposes significant financial losses on online businesses. To investigate this issue, a conceptual framework is developed, extending the Theory of Planned Behavior with factors such as religiosity, social detection risk, ethical judgment, and the moderating influence of perceived psychological distance....

Investigating cyber security factors influencing the perception behavioral intention of small and medium enterprise

This study investigates the perception of cyber security among MSMEs, particularly those new to technology, utilizing the Protection Motivation Theory (PMT) model. Data is gathered through surveys and analyzed quantitatively using Smart-PLS software. Several variables are examined for their impact on Protective Behavioral Intention. The findings reveal that Perceived Severity (PS) and Self-Efficacy (SE) significantly...

Determining employee awareness using the human aspects of information security questionnaire (HAIS-Q)

This paper delves into the realm of Cyber Security Awareness Campaigns, with a specific focus on identifying critical factors that may hinder their effectiveness in driving behavioral change. Despite past and ongoing efforts to enhance information security practices and foster a secure society, the desired impact has often remained elusive. Therefore, it is essential to...

EAST: Four simple ways to apply behavioural insights

Following extensive engagement with policy makers through lectures, seminars, workshops, and discussions, the UK government's Behavioral Insights Team has distilled years of insights into a simplified framework designed to promote behavioral change. According to their approach, to facilitate the adoption of a new behavior, it should align with the following principles, conveniently summarized as "EAST":...

Social psychological factors in lifestyle change and their relevance to policy

This article examines the social psychological theories and research that can be used to design better behaviour interventions. Although the paper focuses on health, the review could be applied in a wide variety of contexts – cyber security included.  

Impeding ecological sustainability through selective moral disengagement

This paper discusses moral disengagement, with an emphasis on how moral disengagement impedes ecological sustainability. The author notes moral disengagement comes about through: exonerative comparisons that render detrimental practices as righteous; the use of convoluting language that disguises what is really being done; reducing accountability by displacement and diffusion of responsibility; minimising and disputing harmful...

Managing the unexpected

What makes some organisations more reliable than others? The authors of Managing the Unexpected believe the answer lies in the differences in behaviours and learning styles of highly reliable organisations and organisations that are relatively unreliable. This book delves into the specific behaviours and processes that help make orgnisations reliable and responsive to unanticipated threats...

The nature and replication of routines

This paper seeks to properly define routines to facilitate further empirical research into how routines are built and how routines can be changed. Broadly, it defines routines as dispositions that trigger patterns of behaviours in a group of individuals, following cues. This is in contrast to habits – which affect individuals but not necessarily groups....

Losses, gains, and hyperbolic discounting: An experimental approach to information security attitudes and behavior

This paper explores why some people say they’d like to protect their personal data then take few measures to do so. Hypotheses include limited information, self-control problems, behavioural distortions, and bounded rationality. The authors suggest an experimental design that would allow their hypotheses to be tested.