Abtract

Despite increased efforts to improve cyber-security for organisations and individuals, growing reports of breaches and attacks suggest that not only are we more vulnerable than ever, but also that there “is no obvious solution to the problem of cyber-security” (Garfinkel, 2012, p. 32). As technology has become embedded in virtually all aspects of everyday life, and more and more people are engaged in interactions with systems, it seems likely that the ‘problem’ of cyber-security will remain unsolved in the foreseeable future. While it has become accepted wisdom that cyber-security is a ‘socio-technical’ system, with both technical and human elements, making advances based on this understanding has proved difficult. In part this is due to the diversity of both people and the social contexts in which they live their lives, and the systems with which they interact. At the same time, the public discourse and guidance about cyber-security is confusing and often inappropriately targeted. For instance, the term ‘cyber-security’ can be used to encompass a wide range of attitudes, behaviours, technologies and threats ranging from authentication methods, SCADA systems, spear phishing and cyber-bullying, with interventions poorly targeted and overly technology-threat based. Crucially, however, the experience and understanding of the cyber-security problem is not the same for everyone and the Cybersecurity Across the Lifespan (cSALSA) project seeks to address the fundamental challenge of how we can more fully understand a diverse range of cyber-security experiences, attitudes and behaviours in order to design better, more effective cyber-security services and educational materials.

In the cSALSA project, we take a lifespan approach to studying how cyber-security is understood, and the attitudes and behaviours of people to cyber-security and risk. The project will study cyber-security across three main life stages – amongst young people, those of working age, and older people. The research project will focus on how people’s attitudes and behaviours towards cyber-security and risk change across the lifespan in sync with their goals and aspirations, cognitive abilities and knowledge and ability to control and adapt their cyber-security behaviour. Importantly, we recognize that neither cyber-security related behaviours nor life course development occur in a vacuum. Rather, they are part of a complex inter-play of individual characteristics, elements shared with others in a particular life stage, and the dynamic context in which the person finds themselves. These contexts include aspects of family life, organizational structures, cognitive capacity and knowledge, and social support networks.

We propose a three pronged approach to studying these three life stages:

  1. Research investigating how cyber-security is understood and framed in everyday language across the lifespan;
  2. In-depth qualitative and quantitative work on cyber-security attitudes, knowledge and behaviour across our three points in life, with a specific focus on how the dynamics of people’s lives influences how cyber-security is understood, risks appraised and talked about, and actions taken;
  3. Specific work on metrics for cyber-security, and the development of new psychometrically validated measures of cyber-security perceptions and behaviours.

Project details

Date:
May 2017 – April 2020
Funding:
EPSRC (EP/P011446/1)
Funded value:
£290,275

NORTH Lab investigators

Pam Briggs

I hold a Chair in Applied Psychology at Northumbria University and am a Visiting Professor at Newcastle University. My work primarily addresses issues of identity, trust and security in new social media, seeking answers to three main questions: Why and when do we feel secure in disclosing sensitive identity information about ourselves? What makes us trust an electronic message? How and when do we seek to protect our privacy?

In the last five years, I’ve secured over £2m in research funding, have published over forty articles on human perceptions of trust, privacy and security in computer-mediated communication and have developed, with colleagues, a new model of health advice-seeking online. I’m one of the founder members of the UK's Research Institute in the Science of Cybersecurity, funded by GCHQ in association with RCUK's Global Uncertainty Programme and my most recent research awards address both usable and inclusive privacy and security.

My latest projects (see projects page) concern cybersecurity across the lifespan (cSALSA), the human side of cyber and cloud crime (CRITICAL) and attitudes and decision-making behaviours around cyberinsurance (CYBECO). I’m also a co-investigator on the Digital Economy Research Centre (DERC) where I’ve been exploring ways to democratise context-relevant data collection and analysis and explore the design of digital platforms for social action.

View Profile Send Email

Lynne Coventry

Lynne Coventry is the Director of PaCT Lab (Psychology and Communication Technology) at the University of Northumbria. Lynne is best known for her work on usable security, particularly biometrics.

Her research interests are varied and she is currently involved in research exploring the role of communication technology in the lives of older adults to facilitate mobility and inclusion, the role of trust in student’s use of online information, the usability of medical products and the design of usable security. She is an applied researcher who enjoys working in multidisciplinary teams to solve real problems. She is keen to explore new ways of integrating psychology into design and technology development processes.

She has a multidisciplinary background with a BSC in Psychology and Computing Science, an MSc in Software Engineering and a PhD in Human Computer Interaction. While her early career was spent as a research fellow and lecturer at Stirling University, Heriot Watt and Dundee university, the majority of her career has been as a researcher within Industry (both computing and medical products) working to incorporate understanding of people, their use and acceptance of technology into the requirements and design process.

Lynne is a founding member of the Scottish Usability Professional Association and previous vice president. Lynne is a founding member of STEPS, and current Editor of Interfaces (A British Computer Society Magazine) and a reviewer for a number of international conferences and journals.

View Profile Send Email

James Nicholson

James is a senior researcher in PaCT Lab working on the Cybersecurity Across the Lifespan (cSALSA) project. The project explores how cyber-security is understood, and the attitudes and behaviours of people to cyber-security and risk. During his time in PaCT Lab, James has also worked on Choice Architecture for Information Security (ChAISe), DERC, and CYBECO.

James’ work has focused on improving user authentication, both by repurposing existing graphical authentication systems and by evaluating novel ones. He is also interested in user privacy and how groups of users (children, parents, older adults) experience location tracking technologies, as well as how CCTV video can be crowdsourced to de-centralise the surveillance landscape. More recently, he have developed tools and methodologies for uncovering and understanding employees’ mental models of security threats with the aim of improving training programmes and/or organisational policies, as well as practical means for improving users’ protection against these security threats (e.g. phishing).

James obtained his BSc (Information Systems) from Newcastle University in 2008, and his MRes Psychology from Northumbria University in 2009. James’ PhD work – completed in 2012 – explored user authentication in the context of older adults under the supervision of Professor Lynne Coventry and Professor Pam Briggs.

View Profile Send Email


Other Projects