The University of Southampton
University of Southampton Institutional Repository

Individual perceptions of cybersecurity and risk management

Individual perceptions of cybersecurity and risk management
Individual perceptions of cybersecurity and risk management
Seeing human actors as a primary target for cybersecurity attacks suggests that awareness of threats and the willingness to implement controls may be lacking. Previous studies have identified context, demographic characteristics, and self-efficacy to be key factors influencing security-enhancing behaviours among private individuals. In this study, 801 UK private individuals responded to an anonymous online survey, identifying their ability to recognise threats and controls, who they believe responsible for implementing controls, and their general willingness to engage with cybersecurity via a Protection Motivation Theory behavioural model. Using a healthcare data context, results indicate that private individuals can identify threats, controls, and match them. They rarely, however, see themselves responsible for the security of their data. Further, an explanatory factor analysis suggests that decision making involved background considerations rather than a simple cost-benefit analysis or cognitive assessment of cybersecurity controls. This work adds to a growing body of literature which highlights that human actors are cybersecurity aware, but that they perceive the broader context to be relevant to their decision making. As such, it provides insights to consider in response to making technology end-users part of the solution to cybersecurity threats.
Cybersecurity, Digital security, Risk perception, Threat, Control, Priming, Responsibility, Healthcare data, Protection motivation theory, Exploratory Factor Analysis
Pickering, Brian
225088d0-729e-4f17-afe2-1ad1193ccae6
Taylor, Steve
9ee68548-2096-4d91-a122-bbde65f91efb
Pickering, Brian
225088d0-729e-4f17-afe2-1ad1193ccae6
Taylor, Steve
9ee68548-2096-4d91-a122-bbde65f91efb

Pickering, Brian and Taylor, Steve (2024) Individual perceptions of cybersecurity and risk management. Open Research Europe. (In Press)

Record type: Article

Abstract

Seeing human actors as a primary target for cybersecurity attacks suggests that awareness of threats and the willingness to implement controls may be lacking. Previous studies have identified context, demographic characteristics, and self-efficacy to be key factors influencing security-enhancing behaviours among private individuals. In this study, 801 UK private individuals responded to an anonymous online survey, identifying their ability to recognise threats and controls, who they believe responsible for implementing controls, and their general willingness to engage with cybersecurity via a Protection Motivation Theory behavioural model. Using a healthcare data context, results indicate that private individuals can identify threats, controls, and match them. They rarely, however, see themselves responsible for the security of their data. Further, an explanatory factor analysis suggests that decision making involved background considerations rather than a simple cost-benefit analysis or cognitive assessment of cybersecurity controls. This work adds to a growing body of literature which highlights that human actors are cybersecurity aware, but that they perceive the broader context to be relevant to their decision making. As such, it provides insights to consider in response to making technology end-users part of the solution to cybersecurity threats.

Text
Private_Citizen_Perceptions_of_Cybersecurity_06022024 - Author's Original
Available under License Creative Commons Attribution.
Download (277kB)
Text
Private_Citizen_Perceptions_of_Cybersecurity_06022024 - Accepted Manuscript
Available under License Creative Commons Attribution.
Download (921kB)
Text
ORE_Cybersecurity
Restricted to Repository staff only
Available under License Creative Commons Attribution.
Request a copy

More information

Submitted date: 12 February 2024
Accepted/In Press date: 16 April 2024
Keywords: Cybersecurity, Digital security, Risk perception, Threat, Control, Priming, Responsibility, Healthcare data, Protection motivation theory, Exploratory Factor Analysis

Identifiers

Local EPrints ID: 487541
URI: http://eprints.soton.ac.uk/id/eprint/487541
PURE UUID: b8918823-e122-4f37-9ac5-ba5b17c4845d
ORCID for Brian Pickering: ORCID iD orcid.org/0000-0002-6815-2938
ORCID for Steve Taylor: ORCID iD orcid.org/0000-0002-9937-1762

Catalogue record

Date deposited: 23 Feb 2024 17:32
Last modified: 08 Aug 2024 04:01

Export record

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×