Collins, Emily I. M.  ORCID: https://orcid.org/0000-0001-9607-3113 and Hinds, Joanne
2021.
Exploring workers' subjective experiences of habit formation in cyber-security: A qualitative survey.
Cyberpsychology, Behavior, and Social Networking
24
(9)
, pp. 599-604.
10.1089/cyber.2020.0631
|
![[thumbnail of Collins. Exploring workers' subjective.pdf]](https://orca.cardiff.ac.uk/style/images/fileicons/application_pdf.png) |
PDF
- Accepted Post-Print Version
Download (204kB) |
Abstract
Employee behaviors remain at the center of the cybersecurity of workplaces, despite the challenges they face in doing so. Time pressures and competing demands mean that users tend to rely on habitual behaviors that often run counter to good cybersecurity practice. One possible solution may be to encourage positive habit formation. Designing such interventions, however, relies on knowledge of the perception and experience of habit formation in the context of cybersecurity. To this end, a qualitative survey containing open-ended questions was completed by 195 participants (mean age = 35.51, 53 percent female) recruited via an online participant panel. Participants were asked what cybersecurity behaviors they perform at work and how they believe any habits were prompted, formed, and maintained. Thematic analysis identified three over-arching themes: (a) forming habits unavoidably or unconsciously (some were mandated, or formed without conscious awareness), (b) consciously cultivating habits (including the roles of intrinsic motivation and external prompts), and (c) social and organizational influences (including the influence of occupational culture, social modeling, previous experiences, and information gathering practices). Based on these findings, we present guidelines for supporting workplace cybersecurity habit formation reflecting these subjective experiences, namely introducing automatic solutions, facilitating external cues, fostering interest in cybersecurity issues among employees, creating a positive cybersecurity occupational culture and highlighting positive behavior, and providing access to accessible cybersecurity information to employees. These results constitute a first step in identifying how habits can be exploited for positive cybersecurity behavior change in a way that accounts for the reliance on habitual behaviors in busy, time-pressured workplaces.
| Item Type: | Article |
|---|---|
| Date Type: | Publication |
| Status: | Published |
| Schools: | Psychology |
| Publisher: | Mary Ann Liebert |
| ISSN: | 2152-2715 |
| Date of First Compliant Deposit: | 8 June 2021 |
| Date of Acceptance: | 26 May 2021 |
| Last Modified: | 03 Mar 2024 16:34 |
| URI: | https://orca.cardiff.ac.uk/id/eprint/141795 |
Citation Data
Cited 1 time in Scopus. View in Scopus. Powered By Scopus® Data
Actions (repository staff only)
 |
Edit Item |
Altmetric
Altmetric
Cardiff University Information Services