Cybersecurity may fail without nudge in the right direction

New research conducted in consultation with psychologists at Duke University has linked employee security behaviour with attitudes and emotions

Most employees would try to circumvent security controls that block access to unsanctioned applications at work, cybersecurity research has revealed, but a more positive experience could improve matters. 

According to new research from Nudge Security, undesirable security behaviours may have less to do with a lack of awareness and more to do with basic human emotions. The company’s new report, Debunking The 'Stupid User' Myth in Security, explores how workers' attitudes and emotions influence security behaviours. 

Based on research conducted in consultation with leading psychologists at Duke University, Nudge says the report confirms workers are more likely to comply with security controls if they find the experience to be positive and reasonable.

"We now have evidence to suggest that improving the employee experience of security can actually lead to better security outcomes," says Russell Spitler, CEO and co-founder of Nudge Security.

The research took 900 participants through a scenario in which they were required to access a SaaS application for work. Participants were randomly assigned to one of three "security interventions" that either blocked access to the application, revoked access punitively, or nudged participants to justify why they required access.

Humans need a nudge to appreciate reasonable cybersecurity

They were then asked to rate how reasonable they found the intervention, how positively or negatively they felt about it, and how likely they were to comply with it. Participants reported that their attitudes and emotions strongly correlated with their likelihood of compliance.

The report found that 67 per cent of participants said they would not comply with the blocking intervention and would instead look for a workaround. They perceived “nudging” as the most positive and reasonable intervention, according to Nudge, and were three times more likely to feel negative about blocking and punitive interventions. A total of 78 per cent of participants said they would comply with a nudge, twice the compliance rate of the blocking intervention.

"This research underscores basic tenets of human psychology and demonstrates that, even in cybersecurity, attitudes and emotions are strong predictors of behaviour," says Dr Aaron Kay, J Rex Fuqua Professor of Management and Professor of Psychology & Neuroscience at Duke University and Nudge Security advisor, who was consulted on the development of the research. "Security leaders are setting themselves up for failure when they implement security controls with the assumption that employees will comply mechanically, regardless of their own self-interests."

