Impact of Digital Nudging on Information Security Behavior : An Experimental Study on Framing and Priming in Cybersecurity
Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review
Author(s)
Related Research Unit(s)
Detail(s)
| Original language | English |
|---|---|
| Pages (from-to) | 69-91 |
| Number of pages | 23 |
| Journal / Publication | Organizational Cybersecurity Journal: Practice, Process and People |
| Volume | 1 |
| Issue number | 1 |
| Online published | 20 Sept 2021 |
| Publication status | Published - 21 Oct 2021 |
Link(s)
| DOI | DOI |
|---|---|
| Attachment(s) | Documents
Publisher's Copyright Statement
|
| Permanent Link | https://scholars.cityu.edu.hk/en/publications/publication(2e9a120d-4173-4736-ab44-fd93013d4c60).html |
Abstract
Purpose - Phishing attacks are the most common cyber threats targeted at users. Digital nudging in the form of framing and priming may reduce user susceptibility to phishing. This research focuses on two types of digital nudging, framing and priming, and examines the impact of framing and priming on users' behavior (i.e. action) in a cybersecurity setting. It draws on prospect theory, instance-based learning theory and dual-process theory to generate the research hypotheses.
Design/methodology/approach - A 3 × 2 experimental study was carried out to test the hypotheses. The experiment consisted of three levels for framing (i.e. no framing, negative framing and positive framing) and two levels for priming (i.e. with and without priming).
Findings - The findings suggest that priming users to information security risks reduces their risk-taking behavior, whereas positive and negative framing of information security messages regarding potential consequences of the available choices do not change users' behavior. The results also indicate that risk-averse cybersecurity behavior is associated with greater confidence with the action, greater perceived severity of cybersecurity risks, lower perceived susceptibility to cybersecurity risks resulting from the action and lower trust in the download link.
Originality/value - This research shows that digital nudging in the form of priming is an effective way to reduce users' exposure to cybersecurity risks.
Design/methodology/approach - A 3 × 2 experimental study was carried out to test the hypotheses. The experiment consisted of three levels for framing (i.e. no framing, negative framing and positive framing) and two levels for priming (i.e. with and without priming).
Findings - The findings suggest that priming users to information security risks reduces their risk-taking behavior, whereas positive and negative framing of information security messages regarding potential consequences of the available choices do not change users' behavior. The results also indicate that risk-averse cybersecurity behavior is associated with greater confidence with the action, greater perceived severity of cybersecurity risks, lower perceived susceptibility to cybersecurity risks resulting from the action and lower trust in the download link.
Originality/value - This research shows that digital nudging in the form of priming is an effective way to reduce users' exposure to cybersecurity risks.
Research Area(s)
- Cybersecurity, Framing, Priming, Digital nudging, Information security, User behavior
Bibliographic Note
Research Unit(s) information for this publication is provided by the author(s) concerned.
Citation Format(s)
Impact of Digital Nudging on Information Security Behavior: An Experimental Study on Framing and Priming in Cybersecurity. / Sharma, Kavya; Zhan, Xinhui; Nah, Fiona Fui-Hoon et al.
In: Organizational Cybersecurity Journal: Practice, Process and People, Vol. 1, No. 1, 21.10.2021, p. 69-91.
In: Organizational Cybersecurity Journal: Practice, Process and People, Vol. 1, No. 1, 21.10.2021, p. 69-91.
Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review
Download Statistics
No data available
