What (if any) behaviour change techniques do government-led cybersecurity awareness campaigns use?

Tommy Van Steen, Emma Norris, Kirsty Atha, Adam Joinson

Research output: Contribution to journalArticlepeer-review

25 Citations (SciVal)

Abstract

With the surge in cyber incidents in recent years, many linked to human error, governments are quite naturally developing security campaigns to improve citizens’ security behaviour. However, it remains not only unclear how successful these campaigns are in changing behaviour, but also what established behaviour change techniques—if any—they employ in order to achieve this goal. To investigate this, we analysed 17 government-sponsored cybersecurity campaign materials. We coded the materials for their intervention functions according to the Behaviour Change Wheel and their behaviour change techniques in accordance with the Behavioural Change Technique Taxonomy (version 1). Our findings show that security campaigns are often focused on education and increasing awareness, under the assumption that as long as citizens are aware of the risk, and are provided with information on how to improve their security behaviour, behaviour will change. Additionally, there is a lack of published effectiveness studies investigating the direct effects of a governmental cybersecurity campaign. Proposed improvements to security campaigns are discussed.
Original languageEnglish
Article numbertyaa019
JournalJournal of Cybersecurity
Volume6
Issue number1
Early online date12 Dec 2020
DOIs
Publication statusPublished - 12 Dec 2020

Funding

This work was supported by the Engineering and Physical Sciences Research Council (EP/P011454/1).

Fingerprint

Dive into the research topics of 'What (if any) behaviour change techniques do government-led cybersecurity awareness campaigns use?'. Together they form a unique fingerprint.

Cite this