Affiliation:
1. University of Southern Denmark and Karlsruhe Institute of Technology
2. Max Planck Institute for Security and Privacy
3. University of Michigan
4. The George Washington University
Abstract
Data breaches are prevalent. We provide novel insights into individuals’ awareness, perception, and responses to breaches that affect them through two online surveys: a main survey (
n
= 413) in which we presented participants with up to three breaches that affected them, and a follow-up survey (
n
= 108) in which we investigated whether the main study participants followed through with their intentions to act. Overall, 73% of participants were affected by at least one breach, but participants were unaware of 74% of breaches affecting them. Although some reported intention to take action, most participants believed the breach would not impact them. We also found a sizable intention-behavior gap. Participants did not follow through with their intention when they were apathetic about breaches, considered potential costs, forgot, or felt resigned about taking action. Our findings suggest that breached organizations should be held accountable for more proactively informing and protecting affected consumers.
Funder
NortonLifeLock Graduate Fellowship and the Helmholtz Association (HGF) through the subtopic Engineering Secure Systems
Publisher
Association for Computing Machinery (ACM)
Subject
Human-Computer Interaction
Reference143 articles.
1. Nudges for Privacy and Security
2. A taxonomy of cyber-harms: Defining the impacts of cyber-attacks and understanding how they propagate
3. Devdatta Akhawe and Adrienne Porter Felt. 2013. Alice in warningland: A large-scale field study of browser security warning effectiveness. In Proceedings of the USENIX Security Symposium. 257–272. https://www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_akhawe.pdf.
4. A consolidated approach for estimation of data security breach costs