Abstract
Employee behaviors remain at the center of the cybersecurity of workplaces, despite the challenges they face in doing so. Time pressures and competing demands mean that users tend to rely on habitual behaviors that often run counter to good cybersecurity practice. One possible solution may be to encourage positive habit formation. Designing such interventions, however, relies on knowledge of the perception and experience of habit formation in the context of cybersecurity. To this end, a qualitative survey containing open-ended questions was completed by 195 participants (mean age = 35.51, 53 percent female) recruited via an online participant panel. Participants were asked what cybersecurity behaviors they perform at work and how they believe any habits were prompted, formed, and maintained. Thematic analysis identified three over-arching themes: (a) forming habits unavoidably or unconsciously (some were mandated, or formed without conscious awareness), (b) consciously cultivating habits (including the roles of intrinsic motivation and external prompts), and (c) social and organizational influences (including the influence of occupational culture, social modeling, previous experiences, and information gathering practices). Based on these findings, we present guidelines for supporting workplace cybersecurity habit formation reflecting these subjective experiences, namely introducing automatic solutions, facilitating external cues, fostering interest in cybersecurity issues among employees, creating a positive cybersecurity occupational culture and highlighting positive behavior, and providing access to accessible cybersecurity information to employees. These results constitute a first step in identifying how habits can be exploited for positive cybersecurity behavior change in a way that accounts for the reliance on habitual behaviors in busy, time-pressured workplaces.
Original language | English |
---|---|
Pages (from-to) | 599-604 |
Number of pages | 6 |
Journal | Cyberpsychology, Behavior, and Social Networking |
Volume | 24 |
Issue number | 9 |
Early online date | 17 Aug 2021 |
DOIs | |
Publication status | Published - 15 Sept 2021 |
Bibliographical note
Funding Information:This work was funded by the Research Institute in Science of Cyber Security (RISCS) and the U.K. Home Office, via funding from the National Cyber Security Programme.
Publisher Copyright:
© 2021 Copyright, Mary Ann Liebert, Inc.
Keywords
- cybersecurity
- habit formation
- habits
ASJC Scopus subject areas
- Social Psychology
- Communication
- Applied Psychology
- Human-Computer Interaction
- Computer Science Applications