University researchers say changing human behaviour is key to foiling cyber attacks

Technology used in exercise and lifestyle apps may hold the key to answering that most difficult of challenges – making sure people change their passwords and better protect their online privacy and data. Taking inspiration from exercise and fitness apps that successfully ‘nudge’ people to make behavioural changes, researchers from the University of Bath and Goldsmiths, University of London are investigating whether a simple device that plugs into a PC and signals when action is needed with gentle sound, lights or vibration could make the difference.

Over the last five years, the cost of cyber attacks is reported to have risen by 67%, with the majority of these data breaches being traced back to human error. It’s anticipated that 75% of UK companies plan to address human factors in cyber attacks in the next three years in an attempt to mitigate this issue.

People routinely put off, ignore or otherwise forget cyber security measures such as changing passwords, updating privacy settings and locking computer screens. It also appears that traditional cyber security training is failing to galvanise individuals to act on straightforward security measures.

Dr Emily Collins, research associate at the University of Bath’s School of Management, said: “Humans are the weak link in cyber security. We know that people feel overloaded with data breaches continually reported in the media. They become overwhelmed about what they should be doing to protect themselves. Many of us know we’re not on top of security, but translating that nagging worry into positive action just isn’t happening. It’s leaving us all open to serious security threats.”

Home Office funding support

The researchers are hoping that the project – which is benefiting from Home Office funding via the National Cyber Security Programme – will help to build better habits through a subtle desktop reminder designed to gently nudge people into action without it becoming an annoyance or a distraction.

Collins continued: “Work-based training on cyber security is generally very conventional and often just delivered as a one-off when people join an organisation. There’s scope to learn from health psychology to pinpoint what motivates people to take action to protect their cyber security. Our project recognises that people can respond to a gentle, well-timed nudge and is investigating the most effective way of doing that.”

The project, which is entitled ‘Encouraging cyber security behaviour through gentle interventions: Can ambient displays support users in making more secure decisions?’ will use Adafruit Circuit Playgrounds, which can be programmed to detect when people leave their desks, for example, and remind them to lock their screen through a sequence of lights, sounds or vibrations.

Working prototype

The research team will create a working prototype with open-source code to be available to businesses later in the year. It could be tailored for home use in the future.

Dr Sarah Wiseman, lecturer in computer science at Goldsmiths, University of London, said: “The Adafruit Circuit Playgrounds are a fantastic opportunity to do some rapid prototyping with participants. The in-built functionality on the boards means that you don’t need much experience with electronics to take a concept from idea to reality. ”

The research team, which includes Dr Joanne Hinds (research associate at the University of Bath), is inviting people to take part in a creative element of the study by drawing their cyber security concerns and solutions. The findings will help the team to develop more innovative and creative ways to tackle cyber security problems. For more information, or to take part, visit

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts