The design of messages to improve cybersecurity incident reporting

Pam Briggs; Debora Jeske; Lynne Coventry

doi:10.1007/978-3-319-58460-7_1

The design of messages to improve cybersecurity incident reporting

Pam Briggs
, Debora Jeske
, Lynne Coventry

School of Applied Psychology

Northumbria University

Research output: Chapter in Book/Report/Conference proceedings › Chapter › peer-review

Abstract

Cybersecurity suffers from the problem of poor incident reporting. We explored message influences on incident reporting rate. Participants were presented with messages that differed in terms of (i) whether the problem was framed as a technical or a security issue and (ii) the perceived beneficiaries of making a report (benefit to the user, to others vs. no benefit message). Participants were more likely to report a problem if so doing implied some benefit to self, where making the problem more personally relevant might act to reduce social loafing in group settings. They were also more likely to report a technical rather than a security problem and qualitative data suggested that users were sometimes suspicious of messages reporting a security incident – believing that the message itself might be a cybersecurity attack. The findings provide starting points for future research aimed at improving incident reporting.

Original language	English
Title of host publication	Human Aspects of Information Security, Privacy and Trust - 5th International Conference, HAS 2017 Held as Part of HCI International 2017, Proceedings
Editors	Theo Tryfonas
Publisher	Springer Verlag
Pages	3-13
Number of pages	11
ISBN (Print)	9783319584591
DOIs	https://doi.org/10.1007/978-3-319-58460-7_1
Publication status	Published - 2017
Event	5th International Conference on Human Aspects of Information Security, Privacy and Trust, HAS 2017, held as part of 19th International Conference on Human-Computer Interaction, HCI 2017 - Vancouver, Canada Duration: 9 Jul 2017 → 14 Jul 2017

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10292 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	5th International Conference on Human Aspects of Information Security, Privacy and Trust, HAS 2017, held as part of 19th International Conference on Human-Computer Interaction, HCI 2017
Country/Territory	Canada
City	Vancouver
Period	9/07/17 → 14/07/17

Keywords

Behavior change
Incident reporting
Protection-motivation theory
Security
Social loafing
User behavior

Access to Document

10.1007/978-3-319-58460-7_1

Cite this

Briggs, P., Jeske, D., & Coventry, L. (2017). The design of messages to improve cybersecurity incident reporting. In T. Tryfonas (Ed.), Human Aspects of Information Security, Privacy and Trust - 5th International Conference, HAS 2017 Held as Part of HCI International 2017, Proceedings (pp. 3-13). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10292 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-58460-7_1

Briggs, Pam ; Jeske, Debora ; Coventry, Lynne. / The design of messages to improve cybersecurity incident reporting. Human Aspects of Information Security, Privacy and Trust - 5th International Conference, HAS 2017 Held as Part of HCI International 2017, Proceedings. editor / Theo Tryfonas. Springer Verlag, 2017. pp. 3-13 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inbook{20063d526d914e958f84dc5452a6f60b,

title = "The design of messages to improve cybersecurity incident reporting",

abstract = "Cybersecurity suffers from the problem of poor incident reporting. We explored message influences on incident reporting rate. Participants were presented with messages that differed in terms of (i) whether the problem was framed as a technical or a security issue and (ii) the perceived beneficiaries of making a report (benefit to the user, to others vs. no benefit message). Participants were more likely to report a problem if so doing implied some benefit to self, where making the problem more personally relevant might act to reduce social loafing in group settings. They were also more likely to report a technical rather than a security problem and qualitative data suggested that users were sometimes suspicious of messages reporting a security incident – believing that the message itself might be a cybersecurity attack. The findings provide starting points for future research aimed at improving incident reporting.",

keywords = "Behavior change, Incident reporting, Protection-motivation theory, Security, Social loafing, User behavior",

author = "Pam Briggs and Debora Jeske and Lynne Coventry",

note = "Publisher Copyright: {\textcopyright} Springer International Publishing AG 2017.; 5th International Conference on Human Aspects of Information Security, Privacy and Trust, HAS 2017, held as part of 19th International Conference on Human-Computer Interaction, HCI 2017 ; Conference date: 09-07-2017 Through 14-07-2017",

year = "2017",

doi = "10.1007/978-3-319-58460-7\_1",

language = "English",

isbn = "9783319584591",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "3--13",

editor = "Theo Tryfonas",

booktitle = "Human Aspects of Information Security, Privacy and Trust - 5th International Conference, HAS 2017 Held as Part of HCI International 2017, Proceedings",

address = "Germany",

}

Briggs, P, Jeske, D & Coventry, L 2017, The design of messages to improve cybersecurity incident reporting. in T Tryfonas (ed.), Human Aspects of Information Security, Privacy and Trust - 5th International Conference, HAS 2017 Held as Part of HCI International 2017, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10292 LNCS, Springer Verlag, pp. 3-13, 5th International Conference on Human Aspects of Information Security, Privacy and Trust, HAS 2017, held as part of 19th International Conference on Human-Computer Interaction, HCI 2017, Vancouver, Canada, 9/07/17. https://doi.org/10.1007/978-3-319-58460-7_1

The design of messages to improve cybersecurity incident reporting. / Briggs, Pam; Jeske, Debora; Coventry, Lynne.
Human Aspects of Information Security, Privacy and Trust - 5th International Conference, HAS 2017 Held as Part of HCI International 2017, Proceedings. ed. / Theo Tryfonas. Springer Verlag, 2017. p. 3-13 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10292 LNCS).

Research output: Chapter in Book/Report/Conference proceedings › Chapter › peer-review

TY - CHAP

T1 - The design of messages to improve cybersecurity incident reporting

AU - Briggs, Pam

AU - Jeske, Debora

AU - Coventry, Lynne

N1 - Publisher Copyright: © Springer International Publishing AG 2017.

PY - 2017

Y1 - 2017

N2 - Cybersecurity suffers from the problem of poor incident reporting. We explored message influences on incident reporting rate. Participants were presented with messages that differed in terms of (i) whether the problem was framed as a technical or a security issue and (ii) the perceived beneficiaries of making a report (benefit to the user, to others vs. no benefit message). Participants were more likely to report a problem if so doing implied some benefit to self, where making the problem more personally relevant might act to reduce social loafing in group settings. They were also more likely to report a technical rather than a security problem and qualitative data suggested that users were sometimes suspicious of messages reporting a security incident – believing that the message itself might be a cybersecurity attack. The findings provide starting points for future research aimed at improving incident reporting.

AB - Cybersecurity suffers from the problem of poor incident reporting. We explored message influences on incident reporting rate. Participants were presented with messages that differed in terms of (i) whether the problem was framed as a technical or a security issue and (ii) the perceived beneficiaries of making a report (benefit to the user, to others vs. no benefit message). Participants were more likely to report a problem if so doing implied some benefit to self, where making the problem more personally relevant might act to reduce social loafing in group settings. They were also more likely to report a technical rather than a security problem and qualitative data suggested that users were sometimes suspicious of messages reporting a security incident – believing that the message itself might be a cybersecurity attack. The findings provide starting points for future research aimed at improving incident reporting.

KW - Behavior change

KW - Incident reporting

KW - Protection-motivation theory

KW - Security

KW - Social loafing

KW - User behavior

UR - https://www.scopus.com/pages/publications/85025157584

U2 - 10.1007/978-3-319-58460-7_1

DO - 10.1007/978-3-319-58460-7_1

M3 - Chapter

AN - SCOPUS:85025157584

SN - 9783319584591

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 3

EP - 13

BT - Human Aspects of Information Security, Privacy and Trust - 5th International Conference, HAS 2017 Held as Part of HCI International 2017, Proceedings

A2 - Tryfonas, Theo

PB - Springer Verlag

T2 - 5th International Conference on Human Aspects of Information Security, Privacy and Trust, HAS 2017, held as part of 19th International Conference on Human-Computer Interaction, HCI 2017

Y2 - 9 July 2017 through 14 July 2017

ER -

Briggs P, Jeske D, Coventry L. The design of messages to improve cybersecurity incident reporting. In Tryfonas T, editor, Human Aspects of Information Security, Privacy and Trust - 5th International Conference, HAS 2017 Held as Part of HCI International 2017, Proceedings. Springer Verlag. 2017. p. 3-13. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-58460-7_1

The design of messages to improve cybersecurity incident reporting

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this