Research Library

The world’s first globally accessible archive of research into the human aspect of cyber security and behavioural science as applied to cyber security awareness and online behavioural change.

To see the latest studies from pioneering academics, scroll down.

Past studies suggest that computer security countermeasures such as security policies, systems, and awareness programs would be effective in preventing computer abuse in organizations. They are based on the general deterrence theory, which posits that when an organization implements countermeasures that threaten abusers, its computer abuse problems would be deterred. However, computer abuse problems persist in many organizations despite these measures. This article proposes a new model of computer abuse that extends the traditional model with the social criminology theories. Focusing on computer abuse within organizations, the model explains the phenomenon through social lenses such as s

Mother Nature knows best–How engineered organizations of the future will resemble natural-born systems.  

In this study, we analyzed Web users concerns about potential risks and harms from Web use to themselves and to society at large. In addition, we assessed how strongly users felt something should be done to address their concerns. Seventy-two individuals, 24 each from a rural community in Maine, a suburban professional community in New Jersey, and a high-technology community in California, participated in an extensive (2-hour) semistructured interview about Web security. Results show that Web users were primarily concerned about risks to Information, and secondarily about risks to People and Technology. Different sets of concerns were identified among the rural, suburban, and high-techno

Behaviour change is an important concept in relation to health promotion and disease prevention. Self-efficacy has been identified as an important determinant of health behaviour, future health behaviour and health behaviour change. In order to effectively facilitate behaviour change, it is essential that interventions are research based, and emphasize the utility of theory in practice. The effective practice of health promotion and disease prevention requires a full understanding of the processes of patient behaviour. This article presents the role of the nurse in influencing health-related behaviour change. Self-efficacy and related but distinct theories that underpin behaviour change are

Why does suicide happen? What goes wrong? Why is it more common in some places than others? Emile Durkheim seeks out the answers in a classic text, offering an insight into the social frameworks in which we operate.  

Researchers find people’s desire for risk is not consistent in all areas, and varies between things like financial, health and social realms. Regression analysis suggests the changes are due to changes in percieved benefits and risk, as opposed to changes in attitudes.  

Researchers developed and tested a new measure of ‘the need for affect’ (ie, the probability of someone approaching or avoiding emotion-inducing situations). They concluded the need for affect is important in understanding emotion-related processes.  

This paper discusses how fear can trigger elicitation and learning. It proposes fear is evolutionary, automatic and largely immune to conscious control and cites studies that support its propositions.  

Security engineering

Psychology is a huge subject, ranging from neuroscience through to clinical topics, and spilling over into cognate disciplines from philosophy through artificial intelligence to sociology. Although it has been studied for much longer than computer science, our understanding of the mind is much less complete: the brain is so much more complex.

Rsearchers find that fraud attempts are less likely to succeed if: the offender is a stranger; the initial contact is by telephone or mail; the potential victim has heard of the intended type of fraud beforehand, or; the potential victim attempts to investigate the person or proposition before responding.  

This paper investigated why our ability to control impulses wains during emotional distress. It found when people believed emotional distress to be long-term, they were better able to control impulses – suggesting indulging our impulses during times of distress is an attempt to help overcome short-term distress.  

This paper argues that simply blaming users for security breaches will not lead to more effective security systems and that security designers must address the causes of undesirable user behaviour to design effective security systems. Focusing on passwords in particular, the paper’s authors conclude that addressing the causes of undesirable security behaviours shouldn’t be too difficult given the knowledge and techniques necessary to do so largely already exist.  

As the use of ubiquitous multimedia communication increases so do the privacy risks associated with widespread accessibility and utilisation of data generated by such applications. Most invasions of privacy are not intentional but due to designers inability to anticipate how this data could be used, by whom, and how this might affect users. This paper addresses the problem by providing a model of user perceptions of privacy in multimedia environments. The model has been derived from an analysis of empirical studies conducted by the authors and other researchers and aids designers to determine which information users regard as private, and in which context It also identifies trade-offs th

A paper that counters the popular notion of more choice being a good thing. Research in this paper suggests humans make better choices when offered less choice..  

The Federal Trade Commission (FTC) is one of many organizations studying influences on consumer privacy online. The authors investigate these influences, taking into consideration the current body of literature on privacy and the Internet and the FTC’s core principles of fair information practice. The authors analyze these influences to assess the underlying factors of privacy concern online. The authors examine the current recommendations and actions of the FTC in light of the results of an e-mail survey of online consumers in the United States that assessed their attitudes toward privacy online. The authors find that the FTC’s core principles address many of online consumers’ privacy conce

The authors examine potential relationships among categories of personal information, beliefs about direct marketing, situational characteristics, specific privacy concerns, and consumers’ direct marketing shopping habits. Furthermore, the authors offer an assessment of the trade-offs consumers are willing to make when they exchange personal information for shopping benefits. The findings indicate that public policy and self-regulatory efforts to alleviate consumer privacy concerns should provide consumers with more control over the initial gathering and subsequent dissemination of personal information. Such efforts must also consider the type of information sought, because consumer concern

This articles discusses environmental problems and how we can use psychology to address such problems. It then presents a model for doing so.  

Recent behavioural research has debunked the idea of humans as entirely rational. This paper suggests the gap between human behaviour and human cognition can in fact be explained not necessarily by irrationality but by: performance errors; computational limitations; the wrong norm being applied by the experimenter; and/or a different construal of the task by the subject. The authors re-run common experiments demonstrating behavioural biases and find computational limitations in particular underlie seemingly irrational responses to several experiments.  

This chapter reviews empirical and theoretical developments in research on social influence and message-based persuasion. The review emphasizes research published during the period from 1996-1998. Across these literatures, three central motives have been identified that generate attitude change and resistance. These involve concerns with the self, with others and the rewards/punishments they can provide, and with a valid understanding of reality. The motives have implications for information processing and for attitude change in public and private contexts. Motives in persuasion also have been investigated in research on attitude functions and cognitive dissonance theory. In addition, the ch

Users are not the enemy

In the late 90’s, it was largely considered users were unmotivated and lazy when it came to cyber security. This UCL research suggested, actually, users compromised security systems through lack of security knowledge and non-user centric security mechanisms. Researchers concluded users needed greater cyber security education and security mechanisms needed to be more user-centric in order to decrease the risks introduced by people.