Insights in Cybersecure Behavior from the Field & Psychology
The human factor in cybersecurity is frequently assessed by means of awareness campaigns. Although awareness is one ingredient for behavioural change, efforts to increase awareness have had limited effect on actual cybersecure behaviour. This is due to the fact; knowing what you should do is not the same as actually doing it. So, in order to achieve a more cybersecure environment, one should focus on behaviour as end goal. Our team of psychologists investigated the reasons why desired cybersecure behaviours are not performed yet. The results show that besides awareness, or rather ability, two other factors determine whether behaviour takes place or not: motivation and opportunity. By applying these insights we go beyond awareness and contribute to actual more secure behaviour.