What breach? Measuring online awareness of security incidents by studying real-world browsing behavior

by   Sruti Bhagavatula, et al.

Awareness about security and privacy risks is important for developing good security habits. Learning about real-world security incidents and data breaches can alert people to the ways in which their information is vulnerable online, thus playing a significant role in encouraging safe security behavior. This paper examines 1) how often people read about security incidents online, 2) of those people, whether and to what extent they follow up with an action, e.g., by trying to read more about the incident, and 3) what influences the likelihood that they will read about an incident and take some action. We study this by quantitatively examining real-world internet-browsing data from 303 participants. Our findings present a bleak view of awareness of security incidents. Only 17 large-scale security incidents; few read about one even when an incident was likely to have affected them (e.g., the Equifax breach almost universally affected people with Equifax credit reports). We further found that more severe incidents as well as articles that constructively spoke about the incident inspired more action. We conclude with recommendations for specific future research and for enabling useful security incident information to reach more people.


Gamification Techniques for Raising Cyber Security Awareness

Due to the prevalence of online services in modern society, such as inte...

Internet Security Awareness of Filipinos: A Survey Paper

Purpose. This paper examines the Internet security perception of Filipin...

Seniors' Media Preference for Receiving Internet Security Information: A Pilot Study

Due to the increasing use of Internet by older adults and their low comp...

Zooming Into Video Conferencing Privacy and Security Threats

The COVID-19 pandemic outbreak, with its related social distancing and s...

(How) Do people change their passwords after a breach?

To protect against misuse of passwords compromised in a breach, consumer...

Developing cybersecurity education and awareness programmes for Small and medium-sized enterprises (SMEs)

Purpose: An essential component of an organisation's cybersecurity strat...

Please sign up or login with your details

Forgot password? Click here to reset