Research Library

The world’s first globally accessible archive of research into the human aspect of cybersecurity and behavioral science as applied to cybersecurity awareness and online behavioral change.

See the latest studies from pioneering academics below, or explore SebDB, the world’s security behavior database, at sebdb.com

How to keep your information secure? Toward a better understanding of users security behavior

Use of computers and the Internet is an integral part of our lives, with business becoming more digital. As a result, individuals are using their home computers to perform diverse tasks and to store sensitive data. This paper investigates the relative efficacy of two strategies to protect home computers from security threats: security tools and...

Encouraging organisational information security incident reporting

21st-century organisations can only learn how to respond effectively to, and recover from, adverse information security incidents if their employees report any incidents they notice. This should happen irrespective of whether or not they themselves triggered the incident. Organisations have started to inform their employees about their incident reporting obligations. However, there is little research...

Nothing ventured, nothing gained. Profiles of online activity, cyber-crime exposure, and security measures of end-users in European Union

We use large-scale survey data from the Eurobarometer 77.2/2012 to explore variability in online activity, cyber-crime exposure, and security measures of end-users in European Union (EU27). While cyber-security is a high-priority activity for security experts and researchers, end-users conduct it in the context of their daily lives, as a socially accountable and resource-limited activity. We...

Human-centric cybersecurity research: From trapping the bad guys to helping the good ones

The issue of cybersecurity has surged in importance in recent years due to numerous high-profile incidents, hacking attempts, and data breaches that have captured headlines. The continuous rise in cyber incidents suggests the need for a reevaluation of how we perceive cybersecurity and whether a shift in mindset is warranted. In essence, cybersecurity is fundamentally...

Securing mobile devices: Evaluating the relationship between risk perception, organisational commitment and information security awareness

This study examined the relationship between perception of risk, organisational commitment, and Information Security Awareness (ISA), finding both organisational commitment and perception of personal risk to be significant predictors of ISA. Surprisingly, frequency of workplace information security training negatively affected ISA.  

Don’t make excuses! Discouraging neutralization to reduce IT policy violation

Past research on information technology (IT) security training and awareness has focused on informing employees about security policies and formal sanctions for violating those policies. However, research suggests that deterrent sanctions may not be the most powerful influencer of employee violations. Often, employees use rationalizations, termed neutralization techniques, to overcome the effects of deterrence when...

Password management strategies for online accounts

Given the widespread use of password authentication in online correspondence, subscription services, and shopping, there is growing concern about identity theft. When people reuse their passwords across multiple accounts, they increase their vulnerability; compromising one password can help an attacker take over several accounts. Our study of 49 undergraduates quantifies how many passwords they had...

Where did they go wrong? An analysis of the failure of knowledgeable Internet consumers to detect deception over the internet

This paper uses an information-processing model of deception detection to understand the reasons underlying Internet consumers' success and failure at detecting forms of intentional deception that occur on the Internet. Eighty MBA students visited either a real commercial site or a deceptive copycat (“page-jacking”) site. The deceptive site was identical to the clean site except that...