Bada, M;
Sasse, A;
(2014)
Cyber Security Awareness Campaigns: Why do they fail to change behaviour?
Global Cyber Security Capacity Centre, University of Oxford: Oxford, UK.
![[thumbnail of Awareness CampaignsDraftWorkingPaper.pdf]](https://discovery.ucl.ac.uk/style/images/fileicons/text.png) Preview |
Text
Awareness CampaignsDraftWorkingPaper.pdf Available under License : See the attached licence file. Download (749kB) |
Abstract
This paper by Dr. Maria Bada and Professor Angela Sasse focuses on Security Awareness Campaigns, trying to identify factors which potentially lead to failure of these in changing the information security behaviours of consumers and employees. Past and current efforts to improve information security practices have not had the desired effort. In this paper, we explain the challenges involved in improving information security behaviours. Changing behaviour requires more than giving information about risks and correct behaviours – firstly, the people must be able to understand and apply the advice, and secondly, they must be willing to do – and the latter requires changes to attitudes and intentions. These antecedents of behaviour change are identified in several psychological models of behaviour (e.g. theory of reasoned action, theory of planned behaviour, protection motivation theory). We review the suitability of persuasion techniques, including the widely used fear appeals. Essential components for an awareness campaign as well as factors which can lead to a campaign’s failure are also discussed. In order to enact change, the current sources of influence-whether they are conscious or unconscious, personal, environmental or social, which are keeping people from enacting vital behaviours, need to be identified. Cultural differences in risk perceptions can also influence the maintenance of a particular way of life. Finally, since the vast majority of behaviours are habitual, the change from existing habits to better information security habits requires support. Finally, we present examples of existing awareness campaigns in U.K., in Australia, in Canada and Africa.
| Type: | Working / discussion paper |
|---|---|
| Title: | Cyber Security Awareness Campaigns: Why do they fail to change behaviour? |
| Open access status: | An open access version is available from UCL Discovery |
| Publisher version: | https://www.sbs.ox.ac.uk/cybersecurity-capacity/co... |
| Language: | English |
| UCL classification: | UCL UCL > Provost and Vice Provost Offices UCL > Provost and Vice Provost Offices > UCL BEAMS UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science |
| URI: | https://discovery.ucl.ac.uk/id/eprint/1468954 |
Archive Staff Only
 |
View Item |
