Cybersecurity may fail without nudge in the right direction

New research conducted in consultation with psychologists at Duke University has linked employee security behaviour with attitudes and emotions

Most employees would try to circumvent security controls that block access to unsanctioned applications at work, cybersecurity research has revealed, but a more positive experience could improve matters. 

According to new research from Nudge Security, undesirable security behaviours may have less to do with a lack of awareness and more to do with basic human emotions. The company’s new report, Debunking The 'Stupid User' Myth in Security, explores how workers' attitudes and emotions influence security behaviours. 

Based on research conducted in consultation with leading psychologists at Duke University, Nudge says the report confirms workers are more likely to comply with security controls if they find the experience to be positive and reasonable.

"We now have evidence to suggest that improving the employee experience of security can actually lead to better security outcomes," says Russell Spitler, CEO and co-founder of Nudge Security.

The research took 900 participants through a scenario in which they were required to access a SaaS application for work. Participants were randomly assigned to one of three "security interventions" that either blocked access to the application, revoked access punitively, or nudged participants to justify why they required access.

Humans need a nudge to appreciate reasonable cybersecurity

They were then asked to rate how reasonable they found the intervention, how positively or negatively they felt about it, and how likely they were to comply with it. Participants reported that their attitudes and emotions strongly correlated with their likelihood of compliance.

The report found that 67 per cent of participants said they would not comply with the blocking intervention and would instead look for a workaround. They perceived “nudging” as the most positive and reasonable intervention, according to Nudge, and were three times more likely to feel negative about blocking and punitive interventions. A total of 78 per cent of participants said they would comply with a nudge, twice the compliance rate of the blocking intervention.

"This research underscores basic tenets of human psychology and demonstrates that, even in cybersecurity, attitudes and emotions are strong predictors of behaviour," says Dr Aaron Kay, J Rex Fuqua Professor of Management and Professor of Psychology & Neuroscience at Duke University and Nudge Security advisor, who was consulted on the development of the research. "Security leaders are setting themselves up for failure when they implement security controls with the assumption that employees will comply mechanically, regardless of their own self-interests."
