Research Library

The world’s first globally accessible archive of research into the human aspect of cybersecurity and behavioral science as applied to cybersecurity awareness and online behavioral change.

To see the latest studies from pioneering academics, scroll down.

Online safety awareness and human factors: An application of the theory of human ecology

Efforts have been made on large and small scales to reduce cybersecurity threats around the world, including in Malaysia. However, scholars have argued that, in spite of the technological preparations countries can take to shield themselves from attack, human factors may be the key reason behind increasing breaches in cybersafety in recent years. In this...

A zero-shot deep metric learning approach to Brain–Computer Interfaces for image retrieval

In this paper we propose a deep learning based approach for image retrieval using EEG. Our approach makes use of a multi-modal deep neural network based on metric learning, where the EEG signal from a user observing an image is mapped together with visual information extracted from the image. The inspiration behind this work is...

From awareness to influence: toward a model for improving employees’ security behaviour

This paper argues that a conventional approach to cybersecurity awareness is not effective in influencing employees and creating sustainable behaviour change. The increase in security incidents caused by employees is evidence that providing information to raise employees’ awareness does not necessarily result in improving their security behaviour, and organisations must transform their security awareness program...

About the Measuring of Information Security Awareness: A Systematic Literature Review

To make employees aware of their important role for information security, companies typically carry out security awareness campaigns. The success and effectiveness of those campaigns has to be measured to justify the budget for example. Therefore, we did a systematic literature review in order to learn how information security awareness (ISA) is measured in theory...

Developing metrics to assess the effectiveness of cybersecurity awareness program

Cybersecurity awareness (CSA) is not just about knowing, but also transforming things learned into practice. It is a continuous process that needs to be adjusted in subsequent iterations to improve its usability as well as sustainability. This is possible only if a CSA program is reviewed and evaluated timely. Review and evaluation of an awareness...

A systematic review of current cybersecurity training methods

Cybersecurity continues to be a growing issue, with cyberattacks causing financial losses and loss of productivity and reputation. Especially in an organisational setting, end-user behaviour plays an essential role in achieving a high level of cybersecurity. One way to improve end-user cybersecurity behaviour is through comprehensive training programmes. There are many contradictory statements and findings with...

Developing a cyber security culture: Current practices and future needs

While the creation of a strong security culture has been researched and discussed for decades, it continues to elude many businesses. Part of the challenge faced is distilling pertinent, recent academic findings and research into useful guidance. In this article, we aim to tackle this issue by conducting a state-of-the-art study into organisational cyber security...

Conceptualization of a cybersecurity awareness quiz

Recent approaches to raise security awareness have improved a lot in terms of user-friendliness and user engagement. However, since social engineering attacks on employees are evolving fast, new variants arise very rapidly. To deal with recent changes, our serious game Cyber-Security Awareness Quiz provides a quiz on recent variants to make employees aware of...

A pond full of phishing games – analysis of learning games for anti-phishing education

Game-based learning is a promising approach to anti-phishing education, as it fosters motivation and can help reduce the perceived difficulty of the educational material. Over the years, several prototypes for game-based applications have been proposed, that follow different approaches in content selection, presentation, and game mechanics. In this paper, a literature and product review of...

Research on the effectiveness of cyber security awareness in ICS Risk Assessment Frameworks

Evaluating the awareness of security among users plays a critical role in safeguarding Industrial Control Systems (ICSs) against social engineering attacks. This study was conducted to assess the impact of cybersecurity awareness on the response to cybersecurity incidents within ICSs. Furthermore, this research has incorporated various measures and frameworks related to cybersecurity emergency response processes,...

Beyond cybersecurity tools: The increasing roles of human factors and cyber insurance in the survival of social media organizations

Cybersecurity tools are designed to safeguard an organization's systems and data by ensuring confidentiality, integrity, and availability in the face of cyber threats. Nevertheless, it's vital to recognize that these tools come with inherent limitations. Relying solely on them is insufficient for effectively managing the ever-evolving landscape of cyber risks. In this context, human resources...

Gamification of cyber security awareness training for phishing against university students

Users represent the primary source of cyber security breaches. Unfortunately, Cyber Security Awareness training often fails to capture their interest and is perceived as a secondary task, an impediment, or a distraction from their core responsibilities. This indifference poses a significant risk to organizations, as cyber security breaches collectively cost businesses billions annually. An effective...

Exploring how, why and in what contexts older adults are at risk of financial cybercrime victimization: A realist review

Despite infrequent reports from older individuals regarding their experiences as victims of financial cybercrime, there exists compelling evidence indicating that older online users face an elevated risk. This realist review was conducted to identify the factors contributing to the victimization of older adults and to evaluate the theory and supporting evidence for interventions aimed at...

Human errors: A cyber security concern and the weakest link to small businesses

Cybersecurity is a critical concern for organizations, particularly in the face of the ongoing global pandemic caused by Covid-19. The abrupt shift to remote work, often referred to as the 'new normal,' has introduced information security risks associated with human factors. This includes both malicious actors and employees using the same platforms for information exchange...

Oppositional human factors in cybersecurity: A preliminary analysis of affective states

The need for cyber defense research is growing as more cyber-attacks are directed at critical infrastructure and other sensitive networks. Traditionally, the focus has been on hardening system defenses. However, other techniques are being explored including cyber and psychological deception which aim to negatively impact the cognitive and emotional state of cyber attackers directly through...

Bridging the knowing-doing gap: the role of attitude in information security awareness

This study examined that gap between knowledge and behaviour, why employees wilfully omit, and the role of attitude in bridging that gap. The study was conducted as a web-administered survey using the Human Aspects of Information Security Questionnaire (HAIS-Q), to which 287 participants responded. The data was analysed using linear regression, Baron-Kenny mediation, and comparison...

Impacts of the Covid-19 pandemic on online security behaviour within the UK educational industry

In this research, the impact of the coronavirus pandemic on the security behaviour of academic businesses is uncovered. This is done by comparing the pre-pandemic annual cyber security survey with the peak and post-pandemic survey, i.e., 2019, 2020 and 2021 respectively. Findings from this research demonstrate that the pandemic brought about a rise in cyberattacks,...

Utilising machine learning against email phishing to detect malicious emails

Phishing is an identity theft evasion strategy used in which consumers accept bogus emails from fraudulent accounts that claim to belong to a legal and real company in the effort to steal sensitive information of the client. This act places many users’ privacy at risk, and therefore researchers continue to work on identifying and improving...

Does psychological distance and religiosity influence fraudulent customer behavior?

This study delves into the motivations behind fraudulent customer behavior on eBay, a phenomenon that imposes significant financial losses on online businesses. To investigate this issue, a conceptual framework is developed, extending the Theory of Planned Behavior with factors such as religiosity, social detection risk, ethical judgment, and the moderating influence of perceived psychological distance....