Raywood-Burke, George
2023.
Cognitive load and subjective time pressure: How contextual factors impact the quality of cyber-security decision making.
PhD Thesis,
Cardiff University.
Item availability restricted. |
Preview |
PDF
- Accepted Post-Print Version
Download (2MB) | Preview |
![[thumbnail of Cardiff University Electronic Thesis and Dissertation Form]](https://orca.cardiff.ac.uk/style/images/fileicons/application_pdf.png) |
PDF (Cardiff University Electronic Thesis and Dissertation Form)
- Supplemental Material
Restricted to Repository staff only Download (142kB) |
Abstract
The quality of decision-making goes beyond simply considering outcomes as it is also determined by the suitability of the decision-making framework in the given circumstances, the probability of outcomes coming true, combined with the quality of the information available being utilised. However, with contextual pressures such as cognitive load and time pressure posing a threat to decision-making in cyber-security – how do people know whether they are making good decisions? This thesis aimed to examine the impact of cognitive load, how it applies to cyber-security decision-making quality, and subsequently how research to address this could be utilised in the development of tools and user-centric interventions to reduce risky cyber-security decision making. From theoretical cognitive science approaches to applied cyberpsychology research, 10 novel studies were developed, supported by systematic literature reviewing, with data collected from over 2000 participants. From this work, it was found increases in task difficulty could potentially increase insider threat when people are given the opportunity to act dishonestly, but this risk could be reduced by increasing awareness of time pressure. Sources of subjective time pressure, such as time urgency cues in emails, were found to increase susceptibility to cyber incidents – although, risk of such factors varies depending upon the perception of risk probability and outcomes. Whilst measures for individual differences in subjective time pressure were found to have a limited ability to predict safe cyber-security practices, other individual difference predictors were capable of explaining up to 43.5% of cyber-security behaviour variance. Through indicating when and where risky decision-making results in maladaptive behaviour, gain in knowledge has culminated in the creation of a new phishing susceptibility tool, based upon Expected Utility Theory, which could accurately explain 68.5% of behaviour. By highlighting risks in the overarching decision-making process, metacognitive interventions could be targeted to support quality cyber-security decision-making.
| Item Type: | Thesis (PhD) |
|---|---|
| Date Type: | Completion |
| Status: | Unpublished |
| Schools: | Psychology |
| Date of First Compliant Deposit: | 30 May 2024 |
| Last Modified: | 30 May 2024 13:38 |
| URI: | https://orca.cardiff.ac.uk/id/eprint/169273 |
Actions (repository staff only)
 |
Edit Item |
Download Statistics
Download Statistics
Cardiff University Information Services