The Design of Messages to Improve Cybersecurity Incident Reporting

Pamela Briggs, Debora Jeske, Lynne Coventry

Research output: Chapter in Book/Report/Conference proceedingChapter

10 Citations (Scopus)

Abstract

Cybersecurity suffers from the problem of poor incident reporting. We explored message influences on incident reporting rate. Participants were presented with messages that differed in terms of (i) whether the problem was framed as a technical or a security issue and (ii) the perceived beneficiaries of making a report (benefit to the user, to others vs. no benefit message). Participants were more likely to report a problem if so doing implied some benefit to self, where making the problem more personally relevant might act to reduce social loafing in group settings. They were also more likely to report a technical rather than a security problem and qualitative data suggested that users were sometimes suspicious of messages reporting a security incident – believing that the message itself might be a cybersecurity attack. The findings provide starting points for future research aimed at improving incident reporting.
Original languageEnglish
Title of host publicationHuman Aspects of Information Security, Privacy and Trust
PublisherSpringer
Pages3-13
Volume10292
ISBN (Print)978-3-319-58459-1
DOIs
Publication statusE-pub ahead of print - 13 May 2017

Publication series

NameLecture Notes in Computer Science
PublisherSpringer
ISSN (Electronic)0302-9743

Keywords

  • Security
  • User behavior
  • Incident reporting
  • Behavior change
  • Protection-motivation theory
  • Social loafing

Fingerprint

Dive into the research topics of 'The Design of Messages to Improve Cybersecurity Incident Reporting'. Together they form a unique fingerprint.

Cite this