Behaviour Change


Getting your staff to change their security behaviour

It is often argued that fear is bad. Actually, from a behavioural science perspective, we know fear is the most effective tool for stimulating behavioural change. Fear of crime is necessary but not sufficient to motivate us to act.

It is often a balancing act in people’s minds: their risk appetite versus their perception of the risk. This applies to all crime, not just cyber crime.

So fear is necessary, but what is crucial is that it is accompanied by a feeling of self-efficacy. People have to see the threat but also believe that they have the ability and the tools to reduce the risk.

This flows from something known as Protection Motivation Theory. The theory states that we need to appreciate that phishing, for example, is a threat. It is highly dangerous. It is likely. It can easily happen to me. This is all “fear” of the threat manifesting: an important motivator, but in itself not sufficient. The theory states that we need this fear to be accompanied by a feeling that we understand how to cope with the threat: “I know I click ‘report’ on suspicious emails”; “I never download email attachments”. When these two are combined, we see people motivated to take action. Empowered.

If fear increases but you don’t furnish people with the tools to personally control the threat, you will get inaction. They will resign themselves to being hopeless against the threat, accepting their fate, so to speak.

Cyber security is all about raising awareness of the threat, but we must also remember that behavioural science tells us that whilst fear is needed, it isn’t sufficient if not accompanied by empowerment.
