Framing Effects on Online Security Behavior

Rodríguez-Priego, Nuria; Bavel, René van; Vila, José; Briggs, Pam

doi:10.3389/fpsyg.2020.527886

Cited by 12 publications

(6 citation statements)

References 57 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Those with a high-income background, with or without a college degree, have the highest probability of adopting 2FA. This finding is consistent with the notion of loss aversion, that motivates individuals to exhibit behaviors to prevent such losses [25] including in the cybersecurity context [26,27]. In this respect, the higher the income, the more likely people will adopt 2FA despite all the inconvenience that comes with it.…”

Section: Discussionsupporting

confidence: 86%

Until you have something to lose! Loss aversion and two-factor authentication adoption

Pratama

Firmansyah

2021

ACI

View full text Add to dashboard Cite

PurposeIn this study, the authors seek to understand factors that naturally influence users to adopt two-factor authentication (2FA) without even trying to intervene by investigating factors within individuals that may influence their decision to adopt 2FA by themselves.Design/methodology/approachA total of 1,852 individuals from all 34 provinces in Indonesia participated in this study by filling out online questionnaires. The authors discussed the results from statistical analysis further through the lens of the loss aversion theory.FindingsThe authors found that loss aversion, represented by higher income that translates to greater potential pain caused by losing things to be the most significant demographic factor behind 2FA adoption. On the contrary, those with a low-income background, even if they have some college degree, are more likely to skip 2FA despite their awareness of this technology. The authors also found that the older generation, particularly females, to be among the most vulnerable groups when it comes to authentication-based cyber threats as they are much less likely to adopt 2FA, or even to be aware of its existence in the first place.Originality/valueAuthentication is one of the most important topics in cybersecurity that is related to human-computer interaction. While 2FA increases the security level of authentication methods, it also requires extra efforts that can translate to some level of inconvenience on the user's end. By identifying the associated factors from the user's ends, a necessary intervention can be made so that more users are willing to jump on the 2FA adopters' train.

show abstract

Section: Discussionsupporting

confidence: 86%

Until you have something to lose! Loss aversion and two-factor authentication adoption

Pratama

Firmansyah

2021

ACI

View full text Add to dashboard Cite

show abstract

“…In the cybersecurity context, Anderson and Agarwal (2010) found that users exhibit greater risk-averse behavior when presented with Impact of digital nudging in cybersecurity messages that focus on the benefits of following recommended secure online behaviors than the negative consequences of not following them. In contrast, an experimental study by Rodriguez-Priego et al (2020) found that negative (loss) framing of security risks is more effective in influencing users toward taking more secure behavior than its positive (gain) framing counterpart. Another experimental study by Rosoff et al (2013) did not find any difference in positive versus negative (gain-loss) framing of information security messages.…”

Section: Framing and Priming In Cybersecuritymentioning

confidence: 83%

“…Researchers have utilized prospect theory to evaluate the impact of positively versus negatively framed messages on user behavior (e.g. Aaker and Lee, 2001;Anderson and Agarwal, 2010;Pechmann et al, 2003;Rodriguez-Priego et al, 2020;Rosoff et al, 2013;Sharma, 2017;Shiv et al, 2004;Zhan et al, 2020). In the cybersecurity context, Anderson and Agarwal (2010) found that users exhibit greater risk-averse behavior when presented with Impact of digital nudging in cybersecurity messages that focus on the benefits of following recommended secure online behaviors than the negative consequences of not following them.…”

Section: Framing and Priming In Cybersecuritymentioning

confidence: 99%

Impact of digital nudging on information security behavior: an experimental study on framing and priming in cybersecurity

Sharma¹,

Zhan

Nah

et al. 2021

OCJ

View full text Add to dashboard Cite

PurposePhishing attacks are the most common cyber threats targeted at users. Digital nudging in the form of framing and priming may reduce user susceptibility to phishing. This research focuses on two types of digital nudging, framing and priming, and examines the impact of framing and priming on users' behavior (i.e. action) in a cybersecurity setting. It draws on prospect theory, instance-based learning theory and dual-process theory to generate the research hypotheses.Design/methodology/approachA 3 × 2 experimental study was carried out to test the hypotheses. The experiment consisted of three levels for framing (i.e. no framing, negative framing and positive framing) and two levels for priming (i.e. with and without priming).FindingsThe findings suggest that priming users to information security risks reduces their risk-taking behavior, whereas positive and negative framing of information security messages regarding potential consequences of the available choices do not change users' behavior. The results also indicate that risk-averse cybersecurity behavior is associated with greater confidence with the action, greater perceived severity of cybersecurity risks, lower perceived susceptibility to cybersecurity risks resulting from the action and lower trust in the download link.Originality/valueThis research shows that digital nudging in the form of priming is an effective way to reduce users' exposure to cybersecurity risks.

show abstract

“…Framing effect/cognitive bias [66] The phenomena of reflecting cognitive biases, i.e., expressing opinions and decision-making, are influenced by the way a question is asked. This cognitive bias based on language-framing leads to decision manipulation.…”

Section: Sub-domains Of Language/reasoning Descriptionmentioning

confidence: 99%

A Study on the Psychology of Social Engineering-Based Cyberattacks and Existing Countermeasures

2022

View full text Add to dashboard Cite

As cybersecurity strategies become more robust and challenging, cybercriminals are mutating cyberattacks to be more evasive. Recent studies have highlighted the use of social engineering by criminals to exploit the human factor in an organization’s security architecture. Social engineering attacks exploit specific human attributes and psychology to bypass technical security measures for malicious acts. Social engineering is becoming a pervasive approach used for compromising individuals and organizations (is relatively more convenient to compromise a human compared to discovering a vulnerability in the security system). Social engineering-based cyberattacks are extremely difficult to counter as they do not follow specific patterns or approaches for conducting an attack, making them highly effective, efficient, easy, and obscure approaches for compromising any organization. To counter such attacks, a better understanding of the attack tactics is highly essential. Hence, this paper provides an in-depth analysis of the approaches used to conduct social engineering-based cyberattacks. This study discusses human vulnerabilities employed by criminals in recent security breaches. Further, the paper highlights the existing approaches, including machine learning-based methods, to counter social engineering-based cyberattacks.

show abstract

Framing Effects on Online Security Behavior

Cited by 12 publications

References 57 publications

Until you have something to lose! Loss aversion and two-factor authentication adoption

Until you have something to lose! Loss aversion and two-factor authentication adoption

Impact of digital nudging on information security behavior: an experimental study on framing and priming in cybersecurity

A Study on the Psychology of Social Engineering-Based Cyberattacks and Existing Countermeasures

Contact Info

Product

Resources

About