Impact of Digital Nudging on Information Security Behavior: An Experimental Study on Framing and Priming in Cybersecurity

Kavya Sharma; Xinhui Zhan; Fiona Fui-Hoon Nah; Keng  Siau; Maggie X. Cheng

doi:10.1108/ocj-03-2021-0009

Impact of Digital Nudging on Information Security Behavior: An Experimental Study on Framing and Priming in Cybersecurity

Kavya Sharma, Xinhui Zhan, Fiona Fui-Hoon Nah^*, Keng Siau, Maggie X. Cheng

^*Corresponding author for this work

Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review

202 Downloads (CityUHK Scholars)

Abstract

Purpose - Phishing attacks are the most common cyber threats targeted at users. Digital nudging in the form of framing and priming may reduce user susceptibility to phishing. This research focuses on two types of digital nudging, framing and priming, and examines the impact of framing and priming on users' behavior (i.e. action) in a cybersecurity setting. It draws on prospect theory, instance-based learning theory and dual-process theory to generate the research hypotheses.

Design/methodology/approach - A 3 × 2 experimental study was carried out to test the hypotheses. The experiment consisted of three levels for framing (i.e. no framing, negative framing and positive framing) and two levels for priming (i.e. with and without priming).

Findings - The findings suggest that priming users to information security risks reduces their risk-taking behavior, whereas positive and negative framing of information security messages regarding potential consequences of the available choices do not change users' behavior. The results also indicate that risk-averse cybersecurity behavior is associated with greater confidence with the action, greater perceived severity of cybersecurity risks, lower perceived susceptibility to cybersecurity risks resulting from the action and lower trust in the download link.

Originality/value - This research shows that digital nudging in the form of priming is an effective way to reduce users' exposure to cybersecurity risks.

Original language	English
Pages (from-to)	69-91
Number of pages	23
Journal	Organizational Cybersecurity Journal: Practice, Process and People
Volume	1
Issue number	1
Online published	20 Sept 2021
DOIs	https://doi.org/10.1108/ocj-03-2021-0009
Publication status	Published - 21 Oct 2021

Bibliographical note

Research Unit(s) information for this publication is provided by the author(s) concerned.

Research Keywords

Cybersecurity
Framing
Priming
Digital nudging
Information security
User behavior

Publisher's Copyright Statement

This full text is made available under CC-BY 4.0. https://creativecommons.org/licenses/by/4.0/

Access Output

10.1108/ocj-03-2021-0009

109778427.pdfFinal Published version, 2.36 MBLicence: CC BY

Other Access Options

Check CityUHK Library

Permanent Link

Right click to copy link

Cite this

@article{2e9a120d41734736ab44fd93013d4c60,

title = "Impact of Digital Nudging on Information Security Behavior: An Experimental Study on Framing and Priming in Cybersecurity",

abstract = "Purpose - Phishing attacks are the most common cyber threats targeted at users. Digital nudging in the form of framing and priming may reduce user susceptibility to phishing. This research focuses on two types of digital nudging, framing and priming, and examines the impact of framing and priming on users' behavior (i.e. action) in a cybersecurity setting. It draws on prospect theory, instance-based learning theory and dual-process theory to generate the research hypotheses.Design/methodology/approach - A 3 × 2 experimental study was carried out to test the hypotheses. The experiment consisted of three levels for framing (i.e. no framing, negative framing and positive framing) and two levels for priming (i.e. with and without priming).Findings - The findings suggest that priming users to information security risks reduces their risk-taking behavior, whereas positive and negative framing of information security messages regarding potential consequences of the available choices do not change users' behavior. The results also indicate that risk-averse cybersecurity behavior is associated with greater confidence with the action, greater perceived severity of cybersecurity risks, lower perceived susceptibility to cybersecurity risks resulting from the action and lower trust in the download link.Originality/value - This research shows that digital nudging in the form of priming is an effective way to reduce users' exposure to cybersecurity risks.",

keywords = "Cybersecurity, Framing, Priming, Digital nudging, Information security, User behavior",

author = "Kavya Sharma and Xinhui Zhan and Nah, {Fiona Fui-Hoon} and Keng Siau and Cheng, {Maggie X.}",

note = "Research Unit(s) information for this publication is provided by the author(s) concerned.",

year = "2021",

month = oct,

day = "21",

doi = "10.1108/ocj-03-2021-0009",

language = "English",

volume = "1",

pages = "69--91",

journal = "Organizational Cybersecurity Journal: Practice, Process and People",

issn = "2635-0270",

publisher = "Emerald Publishing Limited",

number = "1",

}

Impact of Digital Nudging on Information Security Behavior: An Experimental Study on Framing and Priming in Cybersecurity. / Sharma, Kavya; Zhan, Xinhui; Nah, Fiona Fui-Hoon et al.
In: Organizational Cybersecurity Journal: Practice, Process and People, Vol. 1, No. 1, 21.10.2021, p. 69-91.

Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review

TY - JOUR

T1 - Impact of Digital Nudging on Information Security Behavior

T2 - An Experimental Study on Framing and Priming in Cybersecurity

AU - Sharma, Kavya

AU - Zhan, Xinhui

AU - Nah, Fiona Fui-Hoon

AU - Siau, Keng

AU - Cheng, Maggie X.

N1 - Research Unit(s) information for this publication is provided by the author(s) concerned.

PY - 2021/10/21

Y1 - 2021/10/21

N2 - Purpose - Phishing attacks are the most common cyber threats targeted at users. Digital nudging in the form of framing and priming may reduce user susceptibility to phishing. This research focuses on two types of digital nudging, framing and priming, and examines the impact of framing and priming on users' behavior (i.e. action) in a cybersecurity setting. It draws on prospect theory, instance-based learning theory and dual-process theory to generate the research hypotheses.Design/methodology/approach - A 3 × 2 experimental study was carried out to test the hypotheses. The experiment consisted of three levels for framing (i.e. no framing, negative framing and positive framing) and two levels for priming (i.e. with and without priming).Findings - The findings suggest that priming users to information security risks reduces their risk-taking behavior, whereas positive and negative framing of information security messages regarding potential consequences of the available choices do not change users' behavior. The results also indicate that risk-averse cybersecurity behavior is associated with greater confidence with the action, greater perceived severity of cybersecurity risks, lower perceived susceptibility to cybersecurity risks resulting from the action and lower trust in the download link.Originality/value - This research shows that digital nudging in the form of priming is an effective way to reduce users' exposure to cybersecurity risks.

AB - Purpose - Phishing attacks are the most common cyber threats targeted at users. Digital nudging in the form of framing and priming may reduce user susceptibility to phishing. This research focuses on two types of digital nudging, framing and priming, and examines the impact of framing and priming on users' behavior (i.e. action) in a cybersecurity setting. It draws on prospect theory, instance-based learning theory and dual-process theory to generate the research hypotheses.Design/methodology/approach - A 3 × 2 experimental study was carried out to test the hypotheses. The experiment consisted of three levels for framing (i.e. no framing, negative framing and positive framing) and two levels for priming (i.e. with and without priming).Findings - The findings suggest that priming users to information security risks reduces their risk-taking behavior, whereas positive and negative framing of information security messages regarding potential consequences of the available choices do not change users' behavior. The results also indicate that risk-averse cybersecurity behavior is associated with greater confidence with the action, greater perceived severity of cybersecurity risks, lower perceived susceptibility to cybersecurity risks resulting from the action and lower trust in the download link.Originality/value - This research shows that digital nudging in the form of priming is an effective way to reduce users' exposure to cybersecurity risks.

KW - Cybersecurity

KW - Framing

KW - Priming

KW - Digital nudging

KW - Information security

KW - User behavior

U2 - 10.1108/ocj-03-2021-0009

DO - 10.1108/ocj-03-2021-0009

M3 - RGC 21 - Publication in refereed journal

SN - 2635-0270

VL - 1

SP - 69

EP - 91

JO - Organizational Cybersecurity Journal: Practice, Process and People

JF - Organizational Cybersecurity Journal: Practice, Process and People

IS - 1

ER -

Impact of Digital Nudging on Information Security Behavior: An Experimental Study on Framing and Priming in Cybersecurity

Abstract

Bibliographical note

Research Keywords

Publisher's Copyright Statement

Access Output

Other Access Options

Permanent Link

Fingerprint

Cite this