Personalisation in Cyber-security

Thoughts around human-factors cybersecurity vulnerability have changed over the past three decades from humans being “the weak link in the chain” to being important members in a greater security culture.

However, cyber-security is still often considered to be tedious and an unnecessary evil by end-user staff members. Behavioural science has been, and continues to be, leveraged to “nudge” users towards better security behaviour, and organisations such as ThinkCyber have developed software designed to nudge users when they are most at risk of falling foul of cyber-threats. Failing to consider intra-individual variability means solutions are unlikely to be effective for individual users. An emerging literature base has suggested that personalisation is key to promoting effective cybersecurity.

This research is seeking to further develop an existing security nudge platform by understanding which components of human-factors cyber-security are: important, measurable and associated with better security outcomes.

So far, an internal, online workshop held within Northumbria University has made steps towards mapping the important areas of human-factors cyber-security (such as digital literacy, state and trait factors such as fatigue and personality, and other factors such as environment), before outlining which factors are easily measurable by such a platform. This early work will inform additional workshops, as well as online surveys prior to integration in the software platform.  

Partners: Tim Ward, ThinkCyber

People: Pam Briggs