HOW TO CONVINCE USERS TO PROTECT THEMSELVES AGAINST CYBERSECURITY THREATS

Robert Willison, Dennis Galletta*, Gregory Moody, Paul Lowry, Scott Boss, Yan Chen, Xin Luo, Daniel Pienta, Sebastian Schultz, Peter Polak, Jason Thatcher

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

Abstract

Despite technological advancements, cybersecurity breaches persist, with human actions often serving as the most vulnerable point of entry. Educational programs and policies have failed to curb threats, evident in the rising trend of data compromises and breach costs. From 2005-2023, U.S. data compromises and costs surged, averaging $9.48 million in 2023. Worsening threat situations do not seem to correlate with an abundance of tools and techniques that have been applied over that period, so a strategic shift seems to be needed. Based on interviews with CISOs as well as earlier experimental research, this paper advocates for using care in warning users about security dangers, yet providing them with the confidence they need to be more careful and to prevent problems. Effective risk containment demands a redefined dialogue on cybersecurity consequences for employees, consumers and stakeholders. Our main conclusion is that managers need to walk a fine line in security communications: It is important to instill just enough fear about potential consequences of carelessness, but there are many concerns about going overboard, instilling negativism or too much fear.
Original languageEnglish
JournalMIS Quarterly Executive
Publication statusSubmitted - 2024

Keywords

  • Cybersecurity, Data Breaches, User Actions, Management Interventions, Breach Costs, Technological Vulnerabilities and Security Awareness

Fingerprint

Dive into the research topics of 'HOW TO CONVINCE USERS TO PROTECT THEMSELVES AGAINST CYBERSECURITY THREATS'. Together they form a unique fingerprint.

Cite this