Skip to main content
SpringerLink
Log in

Does Decision-Making Style Predict Individuals’ Cybersecurity Avoidance Behaviour?

  • Conference paper
  • First Online:
HCI for Cybersecurity, Privacy and Trust (HCII 2020)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 12210))

Included in the following conference series:

Abstract

In the field of cybersecurity, human behaviour is considered as the weakest link. We applied gamification techniques to the development of an Augmented Reality game, CybAR, which was designed to educate users about cybersecurity in an effective and entertaining way. This research incorporates decision-making style into Technology Threat Avoidance Theory (TTAT) of CybAR game use. This paper particularly focuses on the role of decision-making style in avoidance of risky cybersecurity behaviour based on factors derived from Technology Threat Avoidance Theory (TTAT). A cross-sectional survey was conducted among 95 students at Macquarie University to assess the effect of individual differences, namely, decision-making style, as a moderator variable between motivation behaviour and cybersecurity avoidance behaviour factors. The findings indicated that the moderating effect of decision-making style had a significant effect on avoidance behaviour. In particular, rational decision-making was a strongly significant moderator of avoidance behaviour and cybersecurity avoidance behaviour, while dependent and avoidant styles were less significant moderators of avoidance behaviour and cybersecurity avoidance behaviour.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Alqahtani, H., Kavakli, M., Sheikh, N.U.: Analysis of the technology acceptance theoretical model in examining users behavioural intention to use an augmented reality app (imap-campus). Int. J. Eng. Manag. Res. (IJEMR) 8(5), 37–49 (2018)

    Article  Google Scholar 

  2. Appelt, K.C., Milch, K.F., Handgraaf, M.J., Weber, E.U.: The decision making individual differences inventory and guidelines for the study of individual differences in judgment and decision-making research. Judgm. Decis. Mak. 6, 252–262 (2011)

    Google Scholar 

  3. Arachchilage, N.A.G., Love, S., Beznosov, K.: Phishing threat avoidance behaviour: an empirical investigation. Comput. Hum. Behav. 60, 185–197 (2016)

    Article  Google Scholar 

  4. Atkinson, J.W.: Motivational determinants of risk-taking behavior. Psychol. Rev. 64(6p1), 359 (1957)

    Article  Google Scholar 

  5. Azuma, R.T.: A survey of augmented reality. Presence Teleop. Virt. Environ. 6(4), 355–385 (1997)

    Article  Google Scholar 

  6. Boss, S., Galletta, D., Lowry, P.B., Moody, G.D., Polak, P.: What do systems users have to fear? Using fear appeals to engender threats and fear that motivate protective security behaviors. MIS Q. (MISQ) 39(4), 837–864 (2015)

    Article  Google Scholar 

  7. Bryman, A., Cramer, D.: Quantitative Data Analysis with SPSS 12 and 13: A Guide for Social Scientists. Routledge, London (2004)

    Book  Google Scholar 

  8. Chin, W.W.: Commentary: Issues and opinion on structural equation modeling (1998)

    Google Scholar 

  9. Cohen, J.: Statistical power analysis. Curr. Dir. Psychol. Sci. 1(3), 98–101 (1992)

    Article  Google Scholar 

  10. Davis, F.D.: Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS Q. 13, 319–340 (1989)

    Article  Google Scholar 

  11. Denning, T., Lerner, A., Shostack, A., Kohno, T.: Control-Alt-Hack: the design and evaluation of a card game for computer security awareness and education. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 915–928. ACM (2013)

    Google Scholar 

  12. Dhamija, R., Tygar, J.D., Hearst, M.: Why phishing works. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 581–590. ACM (2006)

    Google Scholar 

  13. Downs, J.S., Holbrook, M., Cranor, L.F.: Behavioral response to phishing risk. In: Proceedings of the Anti-phishing Working Groups 2nd Annual eCrime Researchers Summit, pp. 37–44 (2007)

    Google Scholar 

  14. Egelman, S., Peer, E.: Scaling the security wall: developing a security behavior intentions scale (SeBIS). In: Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, pp. 2873–2882 (2015)

    Google Scholar 

  15. Filkins, B., Hardy, G.: It security spending trends. SANS (2016). https://www.sans.org/reading-room/whitepapers/analyst/security-spending-trends-36697

  16. Fornell, C., Larcker, D.F.: Evaluating structural equation models with unobservable variables and measurement error. J. Mark. Res. 18(1), 39–50 (1981)

    Article  Google Scholar 

  17. Gefen, D., Straub, D., Boudreau, M.C.: Structural equation modeling and regression: guidelines for research practice. Commun. Assoc. Inf. Syst. 4(1), 7 (2000)

    Google Scholar 

  18. Gratian, M., Bandi, S., Cukier, M., Dykstra, J., Ginther, A.: Correlating human traits and cyber security behavior intentions. Comput. Secur. 73, 345–358 (2018)

    Article  Google Scholar 

  19. Howard, D., Prince, K.: Security 2020: Reduce security Risks This Decade. Wiley Publishing, Indianapolis (2010)

    Book  Google Scholar 

  20. Jeske, D., Briggs, P., Coventry, L.: Exploring the relationship between impulsivity and decision-making on mobile devices. Pers. Ubiquit. Comput. 20(4), 545–557 (2016). https://doi.org/10.1007/s00779-016-0938-4

    Article  Google Scholar 

  21. Jin, G., Tu, M., Kim, T.H., Heffron, J., White, J.: Game based cybersecurity training for high school students. In: Proceedings of the 49th ACM Technical Symposium on Computer Science Education, pp. 68–73. ACM (2018)

    Google Scholar 

  22. Kassicieh, S., Lipinski, V., Seazzu, A.F.: Human centric cyber security: what are the new trends in data protection? In: 2015 Portland International Conference on Management of Engineering and Technology (PICMET), pp. 1321–1338. IEEE (2015)

    Google Scholar 

  23. Kirlappos, I., Sasse, M.A.: Security education against phishing: a modest proposal for a major rethink. IEEE Secur. Priv. 10(2), 24–32 (2011)

    Article  Google Scholar 

  24. Krasniqi, B.A., Berisha, G., Pula, J.S.: Does decision-making style predict managers’ entrepreneurial intentions? J. Glob. Entrepr. Res. 9(1), 1–15 (2019)

    Article  Google Scholar 

  25. Kumaraguru, P., Sheng, S., Acquisti, A., Cranor, L.F., Hong, J.: Teaching johnny not to fall for phish. ACM Trans. Internet Technol. (TOIT) 10(2), 7 (2010)

    Article  Google Scholar 

  26. Li, C.Y., Ku, Y.C.: The effects of persuasive messages on system acceptance. In: PACIS, p. 110. Citeseer (2011)

    Google Scholar 

  27. Liang, H., Xue, Y.: Avoidance of information technology threats: a theoretical perspective. MIS Q. 33, 71–90 (2009)

    Article  Google Scholar 

  28. Mirkovic, J., Peterson, P.A.: Class capture-the-flag exercises. In: 2014 USENIX Summit on Gaming, Games, and Gamification in Security Education (3GSE 2014) (2014)

    Google Scholar 

  29. Misra, G., Arachchilage, N.A.G., Berkovsky, S.: Phish phinder: a game design approach to enhance user confidence in mitigating phishing attacks. arXiv preprint arXiv:1710.06064 (2017)

  30. Mohamed, N., Ahmad, I.H.: Information privacy concerns, antecedents and privacy measure use in social networking sites: evidence from Malaysia. Comput. Hum. Behav. 28(6), 2366–2375 (2012)

    Article  Google Scholar 

  31. Ng, B.Y., Xu, Y.: Studying users’ computer security behavior using the health belief model. In: PACIS 2007 Proceedings, p. 45 (2007)

    Google Scholar 

  32. Rogers, R.W.: A protection motivation theory of fear appeals and attitude change1. J. Psychol. 91(1), 93–114 (1975)

    Article  Google Scholar 

  33. Rosenstock, I.M.: Historical origins of the health belief model. Health Educ. Monogr. 2(4), 328–335 (1974)

    Article  Google Scholar 

  34. Scholefield, S., Shepherd, L.A.: Gamification techniques for raising cyber security awareness. arXiv preprint arXiv:1903.08454 (2019)

  35. Scott, S.G., Bruce, R.A.: Decision-making style: the development and assessment of a new measure. Educ. Psychol. Measur. 55(5), 818–831 (1995)

    Article  Google Scholar 

  36. Sheng, S., et al.: Anti-phishing phil: the design and evaluation of a game that teaches people not to fall for phish. In: Proceedings of the 3rd symposium on Usable Privacy and Security, pp. 88–99. ACM (2007)

    Google Scholar 

  37. Smith, H.J., Milberg, S.J., Burke, S.J.: Information privacy: measuring individuals’ concerns about organizational practices. MIS Q. 20, 167–196 (1996)

    Article  Google Scholar 

  38. Stevens, T.: Global cybersecurity: new directions in theory and methods. Politics Gov. 6(2), 1–4 (2018)

    Article  Google Scholar 

  39. Thompson, M.F., Irvine, C.E.: CyberCIEGE scenario design and implementation. In: 2014 USENIX Summit on Gaming, Games, and Gamification in Security Education (3GSE 2014) (2014)

    Google Scholar 

  40. Wen, Z.A., Lin, Z., Chen, R., Andersen, E.: What.Hack: engaging anti-phishing training through a role-playing phishing simulation game. In: Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems, p. 108. ACM (2019)

    Google Scholar 

  41. Williams, L., Meneely, A., Shipley, G.: Protection poker: the new software security game. IEEE Secur. Priv. 8(3), 14–20 (2010)

    Article  Google Scholar 

  42. Yasin, A., Liu, L., Li, T., Wang, J., Zowghi, D.: Design and preliminary evaluation of a cyber security requirements education game (SREG). Inf. Softw. Technol. 95, 179–200 (2018)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Macquarie University, Sydney, Australia

    Hamed Alqahtani & Manolya Kavakli-Thorne

Authors
  1. Hamed Alqahtani
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Manolya Kavakli-Thorne
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Hamed Alqahtani .

Editor information

Editors and Affiliations

  1. San Jose State University, San Jose, CA, USA

    Abbas Moallem

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Alqahtani, H., Kavakli-Thorne, M. (2020). Does Decision-Making Style Predict Individuals’ Cybersecurity Avoidance Behaviour?. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2020. Lecture Notes in Computer Science(), vol 12210. Springer, Cham. https://doi.org/10.1007/978-3-030-50309-3_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-50309-3_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-50308-6

  • Online ISBN: 978-3-030-50309-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation