Cybersecurity may fail without nudge in the right direction

New research conducted in consultation with psychologists at Duke University has linked employee security behaviour with attitudes and emotions

Most employees would try to circumvent security controls that block access to unsanctioned applications at work, cybersecurity research has revealed, but a more positive experience could improve matters. 

According to new research from Nudge Security, undesirable security behaviours may have less to do with a lack of awareness and more to do with basic human emotions. The company’s new report, Debunking The 'Stupid User' Myth in Security, explores how workers' attitudes and emotions influence security behaviours. 

Based on research conducted in consultation with leading psychologists at Duke University, Nudge says the report confirms workers are more likely to comply with security controls if they find the experience to be positive and reasonable.

"We now have evidence to suggest that improving the employee experience of security can actually lead to better security outcomes," says Russell Spitler, CEO and co-founder of Nudge Security.

The research took 900 participants through a scenario in which they were required to access a SaaS application for work. Participants were randomly assigned to one of three "security interventions" that either blocked access to the application, revoked access punitively, or nudged participants to justify why they required access.

Humans need a nudge to appreciate reasonable cybersecurity

They were then asked to rate how reasonable they found the intervention, how positively or negatively they felt about it, and how likely they were to comply with it. Participants reported that their attitudes and emotions strongly correlated with their likelihood of compliance.

The report found that 67 per cent of participants said they would not comply with the blocking intervention and would instead look for a workaround. They perceived “nudging” as the most positive and reasonable intervention, according to Nudge, and were three times more likely to feel negative about blocking and punitive interventions. A total of 78 per cent of participants said they would comply with a nudge, twice the compliance rate of the blocking intervention.

"This research underscores basic tenets of human psychology and demonstrates that, even in cybersecurity, attitudes and emotions are strong predictors of behaviour," says Dr Aaron Kay, J Rex Fuqua Professor of Management and Professor of Psychology & Neuroscience at Duke University and Nudge Security advisor, who was consulted on the development of the research. "Security leaders are setting themselves up for failure when they implement security controls with the assumption that employees will comply mechanically, regardless of their own self-interests."

