Situational Judgement Tests (SJTs) are a multidimensional measurement method commonly used in the context of employment decisions and widely researched in the field of industrial and organizational (I-O) psychology. However, the use of SJTs in the field of information system (IS) security is limited. Applying SJT research from the field of I-O psychology to IS...
Leveraging situational judgment tests to measure behavioral information security
Emotional cost of cyber crime and cybersecurity protection motivation behaviour: A systematic literature review
The impact of a cyberattack on an organisation is multifaceted, at the employee level, cyber threat is a sensitive issue which needs further understanding. Founded in psychology research, emotions affect protection motivation behaviours at the individual level in the context of cybersecurity. The majority of the research studies focus on how external factors affect employees'...
Development of a new ‘human cyber-resilience scale’
While there has been an upsurge in interest in cyber resilience in organizations, we know little about the resilience of individuals to cyber attacks. Cyber resilience in a domestic or non-work setting is important because we know that the majority of people will face cyber threats in their use of technology across a range of...
What drives generation Z to behave security compliant? An extended analysis using the theory of planned behaviour
Cyber security remains a relevant topic for organisations. While companies invest in expensive security tools security awareness training often is neglected, even though human error still accounts for a large part of cyber incidents (Gartner, 2022). At the same time there is currently an important generational shift, as Generation Z (Gen Z) is starting to...
Bottom-up psychosocial interventions for interdependent privacy: Effectiveness based on individual and content differences
Although a great deal of research has examined interventions to help users protect their own information online, less work has examined methods for reducing interdependent privacy (IDP) violations on social media (i.e., sharing of other people's information). This study tested the effectiveness of concept-based (i.e., general information), fact-based (i.e., statistics), and narrative-based (i.e., stories) educational...
Developing metrics to assess the effectiveness of cybersecurity awareness program
Cybersecurity awareness (CSA) is not just about knowing, but also transforming things learned into practice. It is a continuous process that needs to be adjusted in subsequent iterations to improve its usability as well as sustainability. This is possible only if a CSA program is reviewed and evaluated timely. Review and evaluation of an awareness...
Online safety awareness and human factors: An application of the theory of human ecology
Efforts have been made on large and small scales to reduce cybersecurity threats around the world, including in Malaysia. However, scholars have argued that, in spite of the technological preparations countries can take to shield themselves from attack, human factors may be the key reason behind increasing breaches in cybersafety in recent years. In this...
From awareness to influence: toward a model for improving employees’ security behaviour
This paper argues that a conventional approach to cybersecurity awareness is not effective in influencing employees and creating sustainable behaviour change. The increase in security incidents caused by employees is evidence that providing information to raise employees’ awareness does not necessarily result in improving their security behaviour, and organisations must transform their security awareness program...
Does psychological distance and religiosity influence fraudulent customer behaviour?
This study delves into the motivations behind fraudulent customer behavior on eBay, a phenomenon that imposes significant financial losses on online businesses. To investigate this issue, a conceptual framework is developed, extending the Theory of Planned Behavior with factors such as religiosity, social detection risk, ethical judgment, and the moderating influence of perceived psychological distance....
Investigating cyber security factors influencing the perception behavioral intention of small and medium enterprise
This study investigates the perception of cyber security among MSMEs, particularly those new to technology, utilizing the Protection Motivation Theory (PMT) model. Data is gathered through surveys and analyzed quantitatively using Smart-PLS software. Several variables are examined for their impact on Protective Behavioral Intention. The findings reveal that Perceived Severity (PS) and Self-Efficacy (SE) significantly...
Social cybersecurity: Applying social psychology to cybersecurity
An introduction to the research of Jason Hong, Sauvik Das, Tiffany Hyun-Jin Kim and Laura Dabbish, who are investigating how social influence affects cyber security and testing how social influence techniques can improve people’s awareness and knowledge of cybersecurity, as well as their motivation to act securely.
Understanding nonmalicious security violations in the workplace: A composite behavior model
End users are said to be "the weakest link" in information systems (IS) security management in the workplace. They often knowingly engage in certain insecure uses of IS and violate security policies without malicious intentions. Few studies, however, have examined end user motivation to engage in such behavior. To fill this research gap, in the...
Three domains of learning – Cognitive, affective, psychomotor
The distinguished expert in education and learning discusses the hierarchies of the three domains of learning. After discussing the different stages of cognivite learning, Owen Wilson discuess emotional learning and physical learning. The piece breaks each area of learning down into building blocks that, when applied, may be used to further a student or pupil's...
Determining employee awareness using the human aspects of information security questionnaire (HAIS-Q)
This paper delves into the realm of Cyber Security Awareness Campaigns, with a specific focus on identifying critical factors that may hinder their effectiveness in driving behavioral change. Despite past and ongoing efforts to enhance information security practices and foster a secure society, the desired impact has often remained elusive. Therefore, it is essential to...
EAST: Four simple ways to apply behavioural insights
Following extensive engagement with policy makers through lectures, seminars, workshops, and discussions, the UK government's Behavioral Insights Team has distilled years of insights into a simplified framework designed to promote behavioral change. According to their approach, to facilitate the adoption of a new behavior, it should align with the following principles, conveniently summarized as "EAST":...
The righteous mind: Why good people are divided by politics and religion (Chapter 7)
In chapter 7 of this book, Jonathan Haidt draws on economic and social psychological research to show how demonstrations of violations of care, fairness, loyalty, authority and sanctity can be used in different ways to promote both right wing and left wing politcal messages. The same triggers, notes Haidt, can lead to different behaviours.
The effects of multilevel sanctions on information security violations: A mediating model
We proposed and empirically tested a mediating model for examining the effects of multilevel sanctions on preventing information security violations in the workplace. The results of the experiment suggested that personal self-sanctions and workgroup sanctions have significant deterrent effects on employee security violations, but that the effect of organizational sanctions becomes insignificant when the other...
The power of habit: Why we do what we do in life and business
In this book, Charles Duhigg draws on psychological and neurological research to introduce the concept of habit loops. According to the book, habits are formed when a cue that leads to a behaviour leads to a reward. Changing habits requires amending habit loops.
Consumer motivations in taking action against spyware: An empirical investigation
The purpose of this paper is to develop a research framework and empirically analyze the factors that motivate the consumers to adopt and use anti-spyware tools when they are faced with security threats.
Helpful self-control: Autonomy support, vitality, and depletion
Through three experiments, the authors of this paper suggest those who feel compelled to exert self-control may find a task more depleting than those who voluntarily exert self-control.