
2025 | OriginalPaper | Book chapter

“Probably Put Some Sort of Fear in”: Investigating the Role of Heuristics in Cyber Awareness Messaging for Small to Medium Sized Enterprises

Written by: Dominic Button, Jacques Ophoff, Alastair Irons, Sharon McDonald

Published in: Human Aspects of Information Security and Assurance

Publisher: Springer Nature Switzerland


Abstract

Cyber-attacks are increasing at an exponential rate, targeting organisations irrespective of size. Small to medium sized enterprises (SMEs) are particularly vulnerable yet often lack cybersecurity awareness. Such awareness entails that an individual or organisation becomes aware of the cyber threats they face in addition to the protective actions and behaviours they can take. Despite the positive intentions of current cybersecurity awareness initiatives, there is a lack of adoption by SMEs. To better understand the situation, this study explores SME owner or manager perceptions of cybersecurity awareness messages, leveraging psychological heuristics and message framing. Empirical data was collected through interviews with 16 participants representing SMEs in the North-East of England. Findings reflect that the framing of messages towards fear is more accepted by SMEs as opposed to positivity messages. Moreover, heuristics of self-efficacy and cost are seen to instil a desire to comply with cyber security behaviours. However, not all SMEs could agree on an approach, thus suggesting that SMEs require bespoke messaging relating to the business and the owner.


Metadata
Title
“Probably Put Some Sort of Fear in”: Investigating the Role of Heuristics in Cyber Awareness Messaging for Small to Medium Sized Enterprises
Written by
Dominic Button
Jacques Ophoff
Alastair Irons
Sharon McDonald
Copyright year
2025
DOI
https://doi.org/10.1007/978-3-031-72563-0_8