Diagnosing and mitigating behavioural cyber risks
Description
Cyber-attacks are an increasingly significant safety and risk issue for companies of any size and many organizations have already been attacked. Preparing for such an event is imperative for every organization – besides up-to-date technological infrastructure, employee awareness, and alert online behavior are critical components of any defense mechanism. Although the importance of and urgency for employee preparedness and the role of cyber-risk communication in that process have been stressed in academic papers and business practice, there remains a dire need for empirical research.
The project investigates the hidden mental models driving employee behavior by applying structured brainstorming to distill common themes and define communication goals. The themes are the foundation for a novel diagnostic tool to evaluate the risk internalization maturity. The diagnosis is compared with the effective risk behavior in smulated cyber attacks settings. The insights are also translated into instructional risk messages and actions. Finally, effective risk communication strategies are defined an tested in an experimental settings.
The project employes multimethod approach. Deep methapher interviews are combinded with breainstorming sessions, multiple quantitative surveys and experiments. In close collaboration with and in real time the research team conducts action research in corporate environments.
Key Data
Projectlead
Deputy Projectlead
Project team
Prof. Deanna Sellnow, Prof. Timothy Sellnow
Project partners
Hochschule Luzern / Institut für Finanzdienstleistungen Zug IFZ
Project status
ongoing, started 12/2022
Funding partner
Third party
Project budget
86'160 EUR