Individual and Contextual Variables of Cyber Security Behaviour -- An empirical analysis of national culture, industry, organisation, and individual variables of (in)secure human behaviour
- URL: http://arxiv.org/abs/2405.16215v2
- Date: Wed, 29 May 2024 11:45:21 GMT
- Title: Individual and Contextual Variables of Cyber Security Behaviour -- An empirical analysis of national culture, industry, organisation, and individual variables of (in)secure human behaviour
- Authors: Marten de Bruin, Konstantinos Mersinas,
- Abstract summary: National culture, industry type, and organisational security culture play are influential variables of individuals' security behaviour.
Security awareness, security knowledge, and prior experience with security incidents are found to be influential variables of security behaviour.
Findings provide practical insights for organisations regarding the susceptibility of groups of people to insecure behaviour.
- Score: 0.0
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Cyber security incidents are increasing and humans play an important role in reducing their likelihood and impact. We identify a skewed focus towards technical aspects of cyber security in the literature, whereas factors influencing the secure behaviour of individuals require additional research. These factors span across both the individual level and the contextual level in which the people are situated. We analyse two datasets of a total of 37,075 records from a) self-reported security behaviours across the EU, and b) observed phishing-related behaviours from the industry security awareness training programmes. We identify that national culture, industry type, and organisational security culture play are influential Variables (antecedents) of individuals' security behaviour at contextual level. Whereas, demographics (age, gender, and level or urbanisation) and security-specific factors (security awareness, security knowledge, and prior experience with security incidents) are found to be influential variables of security behaviour at individual level. Our findings have implications for both research and practice as they fill a gap in the literature and provide concrete statistical evidence on the variables which influence security behaviour. Moreover, findings provides practical insights for organisations regarding the susceptibility of groups of people to insecure behaviour. Consequently, organisations can tailor their security training and awareness efforts (e.g., through behaviour change interventions and/or appropriate employee group profiles), adapt their communications (e.g., of information security policies), and customise their interventions according to national culture characteristics to improve security behaviour.
Related papers
- New Emerged Security and Privacy of Pre-trained Model: a Survey and Outlook [54.24701201956833]
Security and privacy issues have undermined users' confidence in pre-trained models.
Current literature lacks a clear taxonomy of emerging attacks and defenses for pre-trained models.
This taxonomy categorizes attacks and defenses into No-Change, Input-Change, and Model-Change approaches.
arXiv Detail & Related papers (2024-11-12T10:15:33Z) - Traffic and Safety Rule Compliance of Humans in Diverse Driving Situations [48.924085579865334]
Analyzing human data is crucial for developing autonomous systems that replicate safe driving practices.
This paper presents a comparative evaluation of human compliance with traffic and safety rules across multiple trajectory prediction datasets.
arXiv Detail & Related papers (2024-11-04T09:21:00Z) - Evaluating Cultural and Social Awareness of LLM Web Agents [113.49968423990616]
We introduce CASA, a benchmark designed to assess large language models' sensitivity to cultural and social norms.
Our approach evaluates LLM agents' ability to detect and appropriately respond to norm-violating user queries and observations.
Experiments show that current LLMs perform significantly better in non-agent environments.
arXiv Detail & Related papers (2024-10-30T17:35:44Z) - Insights on Disagreement Patterns in Multimodal Safety Perception across Diverse Rater Groups [29.720095331989064]
AI systems crucially rely on human ratings, but these ratings are often aggregated.
This is particularly concerning when evaluating the safety of generative AI, where perceptions and associated harms can vary significantly across socio-cultural contexts.
We conduct a large-scale study employing highly-parallel safety ratings of about 1000 text-to-image (T2I) generations from a demographically diverse rater pool of 630 raters.
arXiv Detail & Related papers (2024-10-22T13:59:21Z) - Safetywashing: Do AI Safety Benchmarks Actually Measure Safety Progress? [59.96471873997733]
We propose an empirical foundation for developing more meaningful safety metrics and define AI safety in a machine learning research context.
We aim to provide a more rigorous framework for AI safety research, advancing the science of safety evaluations and clarifying the path towards measurable progress.
arXiv Detail & Related papers (2024-07-31T17:59:24Z) - Linkage on Security, Privacy and Fairness in Federated Learning: New Balances and New Perspectives [48.48294460952039]
This survey offers comprehensive descriptions of the privacy, security, and fairness issues in federated learning.
We contend that there exists a trade-off between privacy and fairness and between security and sharing.
arXiv Detail & Related papers (2024-06-16T10:31:45Z) - "What Keeps People Secure is That They Met The Security Team": Deconstructing Drivers And Goals of Organizational Security Awareness [4.711430413139394]
Security awareness campaigns in organizations now collectively cost billions of dollars annually.
Despite this, the basis of what security awareness managers do and what decides this are unclear.
We identify that success in awareness management is fragile while having the potential to improve.
arXiv Detail & Related papers (2024-04-29T02:10:35Z) - SoK (or SoLK?): On the Quantitative Study of Sociodemographic Factors and Computer Security Behaviors [31.18834611268347]
We survey existing scholarship on sociodemographics and secure behavior.
We then conduct a focused literature review of 47 papers to synthesize what is currently known and identify open questions for future research.
By incorporating contemporary social and critical theories, we establish guidelines for future studies of sociodemographic factors and security behaviors.
We present a case study to demonstrate our guidelines in action, at-scale, that conduct a measurement study of the relationships between sociodemographics and de-identified, aggregated log data of security and privacy behaviors among 16,829 users on Facebook across 16 countries.
arXiv Detail & Related papers (2024-04-15T23:56:03Z) - PsySafe: A Comprehensive Framework for Psychological-based Attack, Defense, and Evaluation of Multi-agent System Safety [70.84902425123406]
Multi-agent systems, when enhanced with Large Language Models (LLMs), exhibit profound capabilities in collective intelligence.
However, the potential misuse of this intelligence for malicious purposes presents significant risks.
We propose a framework (PsySafe) grounded in agent psychology, focusing on identifying how dark personality traits in agents can lead to risky behaviors.
Our experiments reveal several intriguing phenomena, such as the collective dangerous behaviors among agents, agents' self-reflection when engaging in dangerous behavior, and the correlation between agents' psychological assessments and dangerous behaviors.
arXiv Detail & Related papers (2024-01-22T12:11:55Z) - From Compliance to Impact: Tracing the Transformation of an Organizational Security Awareness Program [3.3916160303055567]
We conduct a year-long case study of a security awareness program in a U.S. government agency.
Our findings reveal the challenges and practices involved in the progression of a security awareness program.
arXiv Detail & Related papers (2023-09-14T14:01:05Z) - Developing a cyber security culture: Current practices and future needs [2.7719338074999538]
We identify and analyse 58 research articles from the last 10 years (2010-2020)
Top management support, policy and procedures, and awareness are critical in engendering cyber security culture.
Questionnaires and surveys are the most used tool to measure cyber security culture.
For practitioners, this article highlights factors and models essential to the creation and management of a robust security culture.
arXiv Detail & Related papers (2021-06-28T13:31:33Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.