This short blog post suggests cyber security awareness campaigns should not be run by IT but by human resources or standalone departments; that companies should quantify risks to guide cyber security investments; that awareness campaign effectiveness should be...
Research Library
The world’s first globally accessible archive of research into the human aspect of cyber security and behavioural science as applied to cyber security awareness and online behavioural change.
The sufficiency of the theory of planned behavior for explaining information security policy compliance
This paper aims to challenge the assumption that the theory of planned behaviour (TPB) includes all constructs that explain information security policy compliance and investigates if anticipated regret or constructs from the protection motivation theory add...
Experiments with security and privacy in IoT networks
We explore the risks to security and privacy in IoT networks by setting up an inexpensive home automation network and performing a set of experiments intended to study attacks and defenses. We focus on privacy preservation in home automation networks but our insights...
Investigating personal determinants of phishing and the effect of national culture
The purpose of the study was twofold: to investigate the correlation between a sample of personal psychological and demographic factors and resistance to phishing; and to investigate if national culture moderates the strength of these correlations. Intention to resist...
Scaring and bullying people into security won’t work
Users will pay attention to reliable and credible indicators of risks they want to avoid. Security mechanisms with a high false positive rate undermine the credibility of security and train users to ignore them. We need more accurate detection and better security...
Examining the distinct antecedents of E-mail habits and its influence on the outcomes of a phishing attack
While research has linked social media phishing susceptibility to individual Facebook habits, the underlying process by which habits lead to victimization and the extent to which it explains e-mail-based phishing remains unclear. The study compared the antecedents and...
“… no one can hack my mind”: Comparing expert and non-expert security practices
The state of advice given to people today on how to stay safe online has plenty of room for improvement. Too many things are asked of them, which may be unrealistic, time consuming, or not really worth the effort. To improve the security advice, our community must...
Empirical study on ICT system’s users’ risky behavior and security awareness
In this study authors gathered information on ICT users from different areas in Croatia with different knowledge, experience, working place, age and gender background in order to examine today's situation in the Republic of Croatia (n=701) regarding ICT users'...
Cleaning house: The impact of information technology monitoring on employee theft and productivity
This paper examines how firm investments in technology-based employee monitoring impact both misconduct and productivity. We use unique and detailed theft and sales data from 392 restaurant locations from five firms that adopt a theft monitoring information technology...
Leadership styles and information security compliance behavior: The mediator effect of information security awareness
Leadership styles play an important role to enhance employee’s information security awareness and may lead to proper information security compliance behavior. Therefore, the current study aims to investigate the indirect effect of leadership styles on user’s...