TY - BOOK
T1 - Using behavioural insights to improve the public’s use of cyber security best practices
AU - Coventry, Lynne
AU - Briggs, Pamela
AU - Blythe, John
AU - Tran, Minh
N1 - Available under an Open Government Licence, terms and conditions available here - http://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/
PY - 2014/5/8
Y1 - 2014/5/8
N2 - The aim of this project was to apply social and behavioural insights to cyber security
challenges to answer the following questions:
- What behaviours should people display to reduce their vulnerability to cyber-security attacks?
- Why do people not behave securely online?
- What can theories of behaviour tell us about how to effectively influence behaviour?
- What is the role of communication campaigns in changing behaviour?
- How can interventions be designed to motivate appropriate cyber-security behaviour?
To achieve this, we adopted a Rapid Evidence Assessment of the literature on cybersecurity behaviours and interventions. We drew on the existing literature from science communication, health, social and organisational psychology and cyber security. We then carried out a brief email Delphi with experts in Cyber Security. We used this study to get expert opinion on the conclusions we had drawn from the literature.
It should be noted that research into human aspects of cyber-security is piecemeal and nonsystematic. It relies heavily on self reported behaviours and beliefs which are not always reliable. Actual experimental studies have limitations of small sample size and homogenous, mainly student, populations. It is also worth noting that the rate of change of technology and uptake of the internet makes it difficult to draw conclusions from older research. However, suffice to say, there is sufficient evidence to say there is room for improvement in people’s cyber-security related behaviours.
AB - The aim of this project was to apply social and behavioural insights to cyber security
challenges to answer the following questions:
- What behaviours should people display to reduce their vulnerability to cyber-security attacks?
- Why do people not behave securely online?
- What can theories of behaviour tell us about how to effectively influence behaviour?
- What is the role of communication campaigns in changing behaviour?
- How can interventions be designed to motivate appropriate cyber-security behaviour?
To achieve this, we adopted a Rapid Evidence Assessment of the literature on cybersecurity behaviours and interventions. We drew on the existing literature from science communication, health, social and organisational psychology and cyber security. We then carried out a brief email Delphi with experts in Cyber Security. We used this study to get expert opinion on the conclusions we had drawn from the literature.
It should be noted that research into human aspects of cyber-security is piecemeal and nonsystematic. It relies heavily on self reported behaviours and beliefs which are not always reliable. Actual experimental studies have limitations of small sample size and homogenous, mainly student, populations. It is also worth noting that the rate of change of technology and uptake of the internet makes it difficult to draw conclusions from older research. However, suffice to say, there is sufficient evidence to say there is room for improvement in people’s cyber-security related behaviours.
M3 - Commissioned report
BT - Using behavioural insights to improve the public’s use of cyber security best practices
PB - Government Office for Science
ER -
