Developing and Validating a Behavioural Model of Cyberinsurance Adoption

Business disruption from cyberattacks is a growing concern, yet cyberinsurance uptake remains low. Using an online behavioural economics experiment with 4800 participants across four EU countries, this study tests a predictive model of cyberinsurance adoption, incorporating elements of Protection Motivation Theory (PMT) and the Theory of Planned Behaviour (TPB) as well as factors in relation to risk propensity and price. During the experiment, participants were given the opportunity to purchase different cybersecurity measures and cyberinsurance products before performing an online task. Participants likelihood of suffering a cyberattack was dependent upon their adoption of cybersecurity me…

Behavioural Issues in Cybersecurity

Framing Effects on Online Security Behavior

We conducted an incentivized lab experiment examining the effect of gain vs. loss-framed warning messages on online security behavior. We measured the probability of suffering a cyberattack during the experiment as the result of five specific security behaviors: choosing a safe connection, providing minimum information during the sign-up process, choosing a strong password, choosing a trusted vendor, and logging-out. A loss-framed message led to more secure behavior during the experiment. The experiment also measured the effect of trusting beliefs and cybersecurity knowledge. Trusting beliefs had a negative effect on security behavior, while cybersecurity knowledge had a positive effect.

Using protection motivation theory in the design of nudges to improve online security behavior

Abstract We conducted an online experiment (n = 2024) on a representative sample of internet users in Germany, Sweden, Poland, Spain and the UK to explore the effect of notifications on security behaviour. Inspired by protection motivation theory (PMT), a coping message advised participants on how to minimize their exposure to risk and a threat appeal highlighted the potential negative consequences of not doing so. Both increased secure behavior – but the coping message significantly more so. The coping message was also as effective as both messages combined, but not so the threat appeal. Risk attitudes, age and country had a significant effect on behavior. Initiatives seeking to promote se…