"Cybersecurity May Fail Without Nudge in the Right Direction"

New research conducted in collaboration with Duke University psychologists has linked employee security behavior to attitudes and emotions. Cybersecurity research has revealed that most employees would try to avoid security controls put in place to prevent access to unapproved applications at work, but a more positive experience could help. According to new Nudge Security research, undesirable security behaviors may be due to basic human emotions rather than a lack of awareness. The company's new report titled, "Debunking The 'Stupid User' Myth in Security," provides insight into how employees' attitudes and emotions impact security behaviors. Nudge says the report confirms that employees are more likely to comply with security controls if they find the experience positive and reasonable, based on research conducted in consultation with leading psychologists at Duke University. According to Russell Spitler, CEO and co-founder of Nudge Security, the study found evidence that improving employee security experiences can lead to better security outcomes. The study put 900 people through a scenario in which they had to use a Software-as-a-Service (SaaS) application for work. Participants were assigned at random to one of three "security interventions," which either blocked access to the application, revoked access punitively, or nudged participants to justify why they needed access. They were then asked to rate how reasonable they thought the intervention was, how they felt about it, and how likely they were to comply with it. Participants' attitudes and emotions were found to be highly correlated with their likelihood of compliance. Sixty-seven percent of the participants said they would not comply with the blocking intervention and would instead seek a workaround. According to Nudge, they perceived "nudging" as the most positive and reasonable intervention and were three times more likely to feel negative about blocking and punitive interventions. Seventy-eight percent of the participants said they would comply with a nudge, which was more than double the compliance rate of the blocking intervention. This article continues to discuss the study exploring the influence of employees' perceptions and emotions on security behaviors. 

AI Magazine reports "Cybersecurity May Fail Without Nudge in the Right Direction"

Submitted by Anonymous on