IDEAS home Printed from https://ideas.repec.org/a/plo/pone00/0207408.html
   My bibliography  Save this article

Susceptibility and resilience to cyber threat: Findings from a scenario decision program to measure secure and insecure computing behavior

Author

Listed:
  • Carl F Weems
  • Irfan Ahmed
  • Golden G Richard III
  • Justin D Russell
  • Erin L Neill

Abstract

Interest in the individual differences underlying end user computer security behavior has led to the development of a multidisciplinary field of research known as behavioral information security. An important gap in knowledge and the motivation for this research is the development of ways to measure secure and insecure cyber behavior for research and eventually practice. Here we report a study designed to develop a technique for assessing secure and insecure cyber behavior for broad research use. The Susceptibility and Resilience to Cyber Threat (SRCT) is an immersive scenario decision program. The SRCT measures susceptibility to cyber threat and malicious behavior as well protective resilience actions via participant responses/decisions to emails, interactions with security dialogs, and computer actions in a real-world simulation. Data were collected from a sample of 190 adults (76.3% female), between the ages of 18–61 (mean age = 26.12). Personality, behavioral tendencies, and cognitive preferences were measured with standard previously validated protocols and self-report measures. Factor analysis suggested a 5 item secure actions scale and a 9 item insecure actions scale as viable to extract from the SRCT responses. Statistically analyzable distributions of secure and insecure cyber behaviors were obtained, and these subscales demonstrated acceptable internal consistency as hypothesized. Associations between SRCT scales and other indices of cyber behavior, as well as self-reported personality, were lower than predicted, suggesting that past research reporting links between self-reports of personality and self-reported cyber-behavior may be overestimating the links for actual cyber actions. However, our exploratory analyses suggest discrepancies between self-report and actions in the SRCT may be an interesting avenue to explore. Overall, results were consistent with theorizing and suggest the technique is viable as a construct measure in future research or as an outcome variable in experimental intervention designs.

Suggested Citation

  • Carl F Weems & Irfan Ahmed & Golden G Richard III & Justin D Russell & Erin L Neill, 2018. "Susceptibility and resilience to cyber threat: Findings from a scenario decision program to measure secure and insecure computing behavior," PLOS ONE, Public Library of Science, vol. 13(12), pages 1-18, December.
    • Handle: RePEc:plo:pone00:0207408
    DOI: 10.1371/journal.pone.0207408
    as

    Download full text from publisher

    File URL: https://journals.plos.org/plosone/article?id=10.1371/journal.pone.0207408
    Download Restriction: no
    File URL: https://journals.plos.org/plosone/article/file?id=10.1371/journal.pone.0207408&type=printable
    Download Restriction: no
    File URL: https://libkey.io/10.1371/journal.pone.0207408?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    References listed on IDEAS

    as
    1. Yan Chen & Iman YeckehZaare & Ark Fangzhou Zhang, 2018. "Real or bogus: Predicting susceptibility to phishing with economic experiments," PLOS ONE, Public Library of Science, vol. 13(6), pages 1-18, June.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Kubilay, Elif & Raiber, Eva & Spantig, Lisa & Cahlíková, Jana & Kaaria, Lucy, 2023. "Can you spot a scam? Measuring and improving scam identification ability," Journal of Development Economics, Elsevier, vol. 165(C).

    More about this item

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:plo:pone00:0207408. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: plosone (email available below). General contact details of provider: https://journals.plos.org/plosone/ .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.