Please use this identifier to cite or link to this item:

Revealing the Cyber Security Non-Compliance “Attribution Gulf”

File Size Format  
0448.pdf 812.03 kB Adobe PDF View/Open

Item Summary

Title:Revealing the Cyber Security Non-Compliance “Attribution Gulf”
Authors:Ophoff, Jacques
Renaud, Karen
Keywords:Innovative Behavioral IS Security and Privacy Research
common wisdom
Date Issued:05 Jan 2021
Abstract:Non-compliance is a well-known issue in the field of cyber security. Non-compliance usually manifests in an individual’s sins of omission or commission, and it is easy to conclude that the problem is attributable to their personal flawed decision making. However, the individual’s decision not to comply is likely also to be influenced by a range of environmental and contextual factors. Bordieu, for example, suggests that personal habitus influences decisions. We identified a wide range of possible explanations for non-compliance from the research literature and classified these, finding that a number of the identified factors were indeed habitus related. We then used Q-methodology to determine which of these non-compliance explanations aligned with public attributions of non-compliance causatives. We discovered an “attribution gulf”, with popular opinion attributing non-compliance primarily to individual failings or ignorance. The existence of this attribution gap means that those designing cyber security interventions are likely to neglect the influence of habitus on choices and decisions. We need to broaden our focus if non-compliance is to be reduced.
Pages/Duration:10 pages
Rights:Attribution-NonCommercial-NoDerivatives 4.0 International
Appears in Collections: Innovative Behavioral IS Security and Privacy Research

Please email if you need this content in ADA-compliant format.

This item is licensed under a Creative Commons License Creative Commons