Despite substantial investments in technological solutions to bolster cybersecurity, human factors, such as employees falling for phishing attacks, remain a significant vulnerability that can undermine even the most advanced security systems. Drawing upon dual-process theories of cognition, this study posits that a brief mindfulness practice may mitigate automatic responses to phishing attempts by improving rational decision-making and, consequently, the ability to detect phishing cues.
To empirically test this hypothesis, we conducted an experiment in which mindfulness was manipulated across two groups of participants. We assessed their capacity to identify phishing cues, some of which were easy to notice and others more challenging, within emails from either familiar or unfamiliar sources. The results indicate that mindfulness aids in detecting more phishing cues specifically when emails are difficult to discern and originate from familiar sources. However, mindfulness did not show a significant effect in other experimental conditions.
This study holds theoretical implications for understanding the role of human factors in cybersecurity behavior, shedding light on how mindfulness can be a valuable tool in enhancing email security awareness. Furthermore, it offers practical insights for security training and awareness programs.