Abstract
Persuasive techniques and persuasive technologies have been suggested as a means to improve user cybersecurity behaviour, but there have been few quantitative studies in this area. In this paper, we present a large scale evaluation of persuasive messages designed to encourage University staff to complete security training. Persuasive messages were based on Cialdini’s principles of persuasion, randomly assigned, and transmitted by email. The training was real, and the messages sent constituted the real campaign to motivate users during the study period. We observed statistically significant variations, but with mild effect sizes, in participant responses to the persuasive messages. ‘Unity’ persuasive messages that had increased emphasis on the collaborative role of individual users as part of an organisation-wide team effort towards cybersecurity were more effective compared to ‘Authority’ messages that had increased emphasis on a mandatory obligation of users imposed by a hierarchical authority. Participant and organisational factors also appear to impact upon participant responses. The study suggests that the use of messages emphasising different principles of persuasion may have different levels of effectiveness in encouraging users to take particular security actions. In particular, it suggests that the use of social capital, in the form of increased emphasis of ‘unity’, may be more effective than increased emphasis of ‘authority’. These findings motivate further studies of how the use of Social capital may be beneficial for encouraging individuals to adopt similar positive security behaviours.
Original language | English |
---|---|
Title of host publication | Social Informatics |
Subtitle of host publication | 13th International Conference, SocInfo 2022, Proceedings |
Editors | Frank Hopfgartner, Kokil Jaidka, Philipp Mayr, Joemon Jose, Jan Breitsohl |
Publisher | Springer Science and Business Media Deutschland GmbH |
Pages | 211-232 |
Number of pages | 22 |
ISBN (Electronic) | 978-3-031-19097-1 |
ISBN (Print) | 9783031190964 |
DOIs | |
Publication status | Published - 12 Oct 2022 |
Event | Social Informatics 2022: The 13th International Conference on Social Informatics. - Glasgow, United Kingdom Duration: 19 Oct 2022 → 21 Oct 2022 http://www.dcs.gla.ac.uk/socinfo2022/index.html |
Publication series
Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Volume | 13618 LNCS |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | Social Informatics 2022 |
---|---|
Country/Territory | United Kingdom |
Period | 19/10/22 → 21/10/22 |
Internet address |
Bibliographical note
This research was supported by the UKRI EPSRC award: EP/P011829/1.Keywords
- Cybersecurity
- Behaviour change
- Persuasive technology
- Actual effectiveness
- Quantitative field study