can-you-nudge-employees-toward-better-cybersecurity?-new-research-says-yes

Share news article

Share on facebook
Share on twitter
Share on linkedin
Share on email

Can You Nudge Employees Toward Better Cybersecurity? New Research Says Yes

AUSTIN, Texas, Nov. 1, 2022 /PRNewswire/ — What cybersecurity practitioners have long suspected is true: 67% of employees would try to circumvent security controls that block access to unsanctioned SaaS applications at work. However, the reason why might come as a surprise. According to new research from Nudge Security, undesirable security behaviors may have less to do with lack of awareness and more to do with basic human emotions.

Key finding: 67% of employees would try to work around security controls that block access to unsanctioned SaaS apps.

Released today, “Debunking the ‘stupid user’ myth in security,” is a new report from Nudge Security that explores how workers’ attitudes and emotions influence security behaviors. Based on research conducted in consultation with leading psychologists at Duke University, it confirms that workers are more likely to comply with security controls if they find the experience to be positive and reasonable.

“We now have evidence to suggest that improving the employee experience of security can actually lead to better security outcomes,” said Russell Spitler, CEO and co-founder of Nudge Security.

The research took 900 participants through a common scenario: needing to access a SaaS application for work. Participants were randomly assigned to one of three “security interventions” that either blocked access to the application, revoked access punitively, or nudged participants to justify access. Participants were asked to rate how reasonable they found the intervention, how positively or negatively they felt about it, and how likely they were to comply with it. Overall, participants’ attitudes and emotions strongly correlated with their likelihood of compliance.

Key Findings

  • 67% of participants said they would not comply with the blocking intervention. Instead, they would look for a workaround.
  • Participants perceived nudging as the most positive and reasonable intervention. They were 3X more likely to feel negatively about blocking and punitive interventions.
  • 78% of participants would comply with a nudge, 2X the compliance rate of the blocking intervention.

Dr. Aaron Kay, PhD, J Rex Fuqua Professor of Management and Professor of Psychology & Neuroscience at Duke University and Nudge Security advisor, consulted on the development of the research.

“This research underscores basic tenets of human psychology and demonstrates that, even in cybersecurity, attitudes and emotions are strong predictors of behavior,” said Kay. “Security leaders are setting themselves up for failure when they implement security controls with the assumption that employees will comply mechanically, regardless of their own self interests.”

Kay and Spitler will discuss the research during an upcoming webcast. Register here. Download the full report at www.nudgesecurity.com.

About Nudge Security

Nudge Security is transforming the human element of cybersecurity by nudging employees towards secure SaaS adoption. Founded in 2021 by Jaime Blasco and Russell Spitler, the company secured funding from Ballistic Ventures in 2022. A fully remote company, Nudge Security has outposts in Austin, Texas and Jackson, Wyoming. Learn more at www.nudgesecurity.com and follow on Twitter and LinkedIn.

Related News

Nearly 500 million WhatsApp User Records Sold Online

Nearly 500 million WhatsApp User Records Sold Online

In what is becoming a rather common trend, a threat actor is claiming to sell 487 million WhatsApp users’ mobile…
How to Create ISO Files from Discs – 3 Best Ways

How to Create ISO Files from Discs – 3 Best Ways

An ISO file is a disk image of an optical disc. It is a single file that contains all the…
All You Need to Know About Emotet in 2022

All You Need to Know About Emotet in 2022

For 6 months, the infamous Emotet botnet has shown almost no activity, and now it’s distributing malicious spam. Let’s dive…