Litcius/Paper detail

What (if any) behaviour change techniques do government-led cybersecurity awareness campaigns use?

Tommy van Steen, Emma Norris, Kirsty Atha, Adam Joinson

2020Journal of Cybersecurity42 citationsDOIOpen Access PDF

Abstract

Abstract With the surge in cyber incidents in recent years, many linked to human error, governments are quite naturally developing security campaigns to improve citizens’ security behaviour. However, it remains not only unclear how successful these campaigns are in changing behaviour, but also what established behaviour change techniques—if any—they employ in order to achieve this goal. To investigate this, we analysed 17 government-sponsored cybersecurity campaign materials. We coded the materials for their intervention functions according to the Behaviour Change Wheel and their behaviour change techniques in accordance with the Behavioural Change Technique Taxonomy (version 1). Our findings show that security campaigns are often focused on education and increasing awareness, under the assumption that as long as citizens are aware of the risk, and are provided with information on how to improve their security behaviour, behaviour will change. Additionally, there is a lack of published effectiveness studies investigating the direct effects of a governmental cybersecurity campaign. Proposed improvements to security campaigns are discussed.

Topics & Concepts

Behaviour changeComputer securityGovernment (linguistics)Order (exchange)Behavior changeNational securitySecurity awarenessBusinessComputer scienceIntervention (counseling)Information securityPublic relationsPolitical sciencePsychologySocial psychologyLawPsychiatryLinguisticsPhilosophyFinanceInformation and Cyber SecurityNetwork Security and Intrusion DetectionBehavioral Health and Interventions
What (if any) behaviour change techniques do government-led cybersecurity awareness campaigns use? | Litcius