Do Warning Message Design Recommendations Address Why Non-Experts Do Not Protect Themselves from Cybersecurity Threats? A Review

Keith S. Jones, Natalie R. Lodinger, Benjamin P. Widlus, Akbar Siami Namin, Rattikorn Hewett

Research output: Contribution to journalArticlepeer-review

1 Scopus citations

Abstract

We aimed to understand whether warning message design recommendations address the reasons why non-experts choose to not protect themselves from cybersecurity threats. Toward that end, we synthesized literature to investigate why non-experts choose to not protect themselves, and catalog design recommendations aimed at influencing how non-experts think about threats. We then evaluated whether those recommendations addressed non-experts’ reasons. We are the first to synthesize and compare these important literatures. Our results revealed that current recommendations do not adequately address many of non-experts’ reasons for not protecting themselves. Therefore, implementing those recommendations probably will not convince those non-experts to protect themselves, which may partially explain why warning messages that implement current recommendations improve user compliance but to levels that are still lower than desired. Our results also highlight the need for future research that could lead to new warning message design recommendations that better address non-experts’ reasons for not protecting themselves.

Original languageEnglish
Pages (from-to)1709-1719
Number of pages11
JournalInternational Journal of Human-Computer Interaction
Volume37
Issue number18
DOIs
StatePublished - 2021

Fingerprint

Dive into the research topics of 'Do Warning Message Design Recommendations Address Why Non-Experts Do Not Protect Themselves from Cybersecurity Threats? A Review'. Together they form a unique fingerprint.

Cite this