Abstract
With society now heavily invested in cyber-technology and most cyber-attacks due to human error, it has never been more vital to focus research on human-centric interventions. Whilst some studies have previously investigated the importance of end-user individual differences (gender, age, education, risk-taking preferences, decision-making style, personality and impulsivity) the current study extended the research to also include acceptance of the internet and the constructs used to explain behavior within the Theory of Planned Behavior (TPB) and Protection Motivation Theory (PMT). Seventy-one participants completed a battery of questionnaires on personality, risk-taking preferences, decision-making style, personality, impulsivity, acceptance of the internet, the combined PMT and TPB questionnaire, as well as an online cyber-security behaviors questionnaire. Gender, age and education did not relate to any cyber-security behaviors, however a number of individual differences were associated. These behaviors include financial risk-taking, avoidant decision-making plus ease of use, facilitating conditions, and trust in the internet. It was also found that safer cyber-security behaviors are seen in those who appraise threat as high, perceive themselves to have the required skills to protect themselves, see value in this protection and understand their place in the cyber-security chain. These findings emphasize the importance of understanding how individual differences relate to cyber-security behaviors in order to create more tailored human-centric interventions such as computer-based decision support systems and other human-machine interface solutions.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Asquith, P.M., Morgan, P.L.: Representing a human-centric cyberspace. In: 11 International Conference on Applied Human Factors and Ergonomics (2020, in press)
Verizon. 2019 Data Breach Investigations Report (2019). https://enterprise.verizon.com/resources/reports/2019-data-breach-investigations-report-emea.pdf
National Cyber Security Centre. The Annual Review 2019 (2019). https://www.ncsc.gov.uk/news/annual-review-2019
Ghafir, I., et al.: Security threats to critical infrastructure: the human factor. J. Supercomput 74, 4986–5002 (2018). https://doi.org/10.1007/s11227-018-2337-2
Gratian, M., Bandi, S., Cukier, M., Dykstra, J., Ginther, A.: Correlating human traits and cyber security behavior intentions. Comput. Secur. 73, 345–358 (2018)
Scholl, M.C., Fuhrmann, F., Scholl, L.R.: Scientific knowledge of the human side of information security as a basis for sustainable trainings in organizational practices. In: Proceedings of the 51st Hawaii International Conference on System Sciences, pp. 2235–2244 (2018)
Bada, M., Sasse, A.M., Nurse, J.R.: Cyber security awareness campaigns: why do they fail to change behaviour? arXiv preprint arXiv:1901.02672 (2019)
Egelman, S., Peer, E.: Scaling the security wall: developing a security behavior intentions scale (SeBIS). In: Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, pp. 2873–2882. ACM (2015)
Dwivedi, K., Rana, N.P., Chen, H., Williams, M.D.: A meta-analysis of the unified theory of acceptance and use of technology (UTAUT). In: Nüttgens, M., Gadatsch, A., Kautz, K., Schirmer, I., Blinn, N. (eds.) TDIT 2011. IAICT, vol. 366, pp. 155–170. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-24148-2_10
Venkatesh, V., Thong, J.Y., Xu, X.: Consumer acceptance and use of information technology: extending the unified theory of acceptance and use of technology. MIS Q. 36, 157–178 (2012)
Oh, J.C., Yoon, S.J.: Predicting the use of online information services based on a modified UTAUT model. Behav. Inf. Technol. 33(7), 716–729 (2014)
Wang, H.Y., Wang, S.H.: User acceptance of mobile internet based on the unified theory of acceptance and use of technology: investigating the determinants and gender differences. Soc. Behav. Pers. Int. J. 38(3), 415–426 (2010)
Yu, C.S.: Factors affecting individuals to adopt mobile banking: empirical evidence from the UTAUT model. J. Electron. Commer. Res. 13(2), 104 (2012)
McGill, T., Thompson, N.: Old risks, new challenges: exploring differences in security between home computer and mobile device use. Behav. Inf. Technol. 36(11), 1111–1124 (2017)
van Bavel, R., RodrÃguez-Priego, N., Vila, J., Briggs, P.: Using protection motivation theory in the design of nudges to improve online security behavior. Int. J. Hum. Comput. Stud. 123, 29–39 (2019)
Posey, C., Roberts, T.L., Lowry, P.B.: The impact of organizational commitment on insiders’ motivation to protect organizational information assets. J. Manag. Inf. Syst. 32(4), 179–214 (2015)
Ajzen, I.: The theory of planned behaviour: reactions and reflections. Psychol. Health 26(9), 1103–1127 (2011)
Safa, N.S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N.A., Herawan, T.: Information security conscious care behaviour formation in organizations. Comput. Secur. 53, 65–78 (2015)
Sommestad, T., Karlzén, H., Hallberg, J.: The sufficiency of the theory of planned behavior for explaining information security policy compliance. Inf. Comput. Secur. 23(2), 200–217 (2015)
Goldberg, L.R., et al.: The international personality item pool and the future of public-domain personality measures. J. Res. Pers. 40(1), 84–96 (2006)
Blais, A.R., Weber, E.U.: A domain-specific risk-taking (DOSPERT) scale for adult populations. Judg. Decis. Mak. 1, 33–47 (2006)
Scott, S.G., Bruce, R.A.: Decision-making style: the development and assessment of a new measure. Educ. Psychol. Measur. 55(5), 818–831 (1995)
Patton, J.H., Stanford, M.S., Barratt, E.S.: Factor structure of the Barratt impulsiveness scale. J. Clin. Psychol. 51(6), 768–774 (1995)
Acknowledgements
The research was supported by a fully funded PhD studentship awarded to the first author (Laura Bishop) from the School of Psychology at Cardiff University. Other support was provided by Airbus where the PhD student is a member of the Airbus Accelerator in Human-Centric Cyber Security team, under the Technical Leadership of the second author (Dr Phillip Morgan) who is also Laura Bishop’s PhD Lead Supervisor.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Bishop, L.M., Morgan, P.L., Asquith, P.M., Raywood-Burke, G., Wedgbury, A., Jones, K. (2020). Examining Human Individual Differences in Cyber Security and Possible Implications for Human-Machine Interface Design. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2020. Lecture Notes in Computer Science(), vol 12210. Springer, Cham. https://doi.org/10.1007/978-3-030-50309-3_4
Download citation
DOI: https://doi.org/10.1007/978-3-030-50309-3_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-50308-6
Online ISBN: 978-3-030-50309-3
eBook Packages: Computer ScienceComputer Science (R0)