Many cybersecurity problems require cyber teams to educate themselves and adapt to new issues constantly. Even though cybersecurity teams and experts polish and hone their knowledge using state-of-the-art software, some factors remain beyond their control. Human behaviours have direct and significant impacts on a computer attack’s success or failure.
Individuals’ attitudes and behaviours strongly influence intrusions into information technology (IT) systems. Recent studies on the subject have established a theory applied to risky behaviours, called the Technology Threat Avoidance Theory (TTAT) (Liang & Xue, 2009). In the following table, it is possible to observe a list of the factors related to TTAT and possibly associated with humans’ risky behaviours when facing scenarios that could compromise their computer system’s safety.
Considering this, this exploratory study by researchers Gillam and Forster (2020) examines how risky behaviour, in a cybersecurity context, can be predicted by avoidance behaviours.
To do this, they analyzed the results of 184 questionnaires completed voluntarily by workers in the United States (N = 184) who had to work in the past with IT as part of their duties. The questionnaire included questions about risky behaviours in cybersecurity. Also, psychological traits related to risky behaviours, such as threat assessment, including susceptibility and perceived severity, are linked to coping mechanisms derived from psychology.
Among the many interesting results of the study, here are the main conclusions:
- The variable that stood out the most was that of the perceived impacts on costs.
- Perceived sensitivity and self-efficacy were also strongly related to risky behaviours. If an individual is more sensitive to the problems that risky behaviour can cause, he is more likely to pay more attention. The same thing applies to employees with a strong sense of self-efficacy.
- The notion of ease and difficulty of the measure to be taken is also to be considered. The more complex an employee perceives the safety task, the less likely he is to perform it.
In addition to its empirical contribution, this study demonstrates the impact of risky human behaviour on cybersecurity. The research is relevant to both researchers and individuals working to prevent cyber attacks.