This chapter goes beyond the usual understanding of cyberthreats and considers how humans perceive these threats. We start by listing 5 major misconceptions, which often cloud people’s ability to adequately assess cyber risks. We also present our Psycho-technological Matrix of Cybersecurity Threats and conclude that social engineering is a necessary part for the success of the majority of cybercriminal activities. We then argue that humans are prone to making mistakes when they engage in judgments about security and safety online. By presenting new experimental evidence, we show that people often behave recklessly with regard to their personal data. We also discuss measurement and context-dependency issues, which make accurate assessment of cybersecurity risks difficult in practice.
- 1.Frank Abagnale: “Catch me if you can” | Talks at Google. https://www.youtube.com/watch?v=vsMydMDi3rI.
- 2.Indictment. United States of America v. Victor Netyksho, Boris Antonov, Dmitriy Badin, Ivan Yermakov, Aleksey Lukashev, Sergey Morgachev, Nikolay Kozachek, Pavel Yershov, Artem Mayshev, Aleksandr Osadcguk, Aleksey Potemkin, and Alatoliy Kovalev. https://int.nyt.com/data/documenthelper/80-netyksho-et-al-indictment/ba0521c1eef869deecbe/optimized/full.pdf?action=click&module=Intentional&pgtype=Article.
- 3.Digital Catapult UK. (2015). Trust in personal data: The UK review (The Digital Catapult Report).Google Scholar