Users are more likely to respond to trustworthy and credible risk indicators that align with the threats they wish to evade. Security measures that frequently yield false positives erode the credibility of security protocols and condition users to disregard them. To recapture user attention and trust, we need to improve detection accuracy and enhance security tools, instead of resorting to fear tactics, deception, or coercion to force compliance with security procedures that hinder user activities.
Developing cybersecurity culture to influence employee behavior: A practice perspective
This paper identifies and explains five key initiatives that three Australian organizations have implemented to...