Do Warning Message Design Recommendations Address Why Non-experts Do Not Protect Themselves from Cybersecurity Threats? A Review

Keith S. Jones, Natalie R. Lodinger, Benjamin P. Widlus, Akbar Siami Namin, Rattikorn Hewett

Research output: Contribution to journalArticlepeer-review

Abstract

We aimed to understand whether warning message design recommendations address the reasons why non-experts choose to not protect themselves from cybersecurity threats. Toward that end, we synthesized literature to investigate why non-experts choose to not protect themselves, and catalog design recommendations aimed at influencing how non-experts think about threats. We then evaluated whether those recommendations addressed non-experts’ reasons. We are the first to synthesize and compare these important literatures. Our results revealed that current recommendations do not adequately address many of non-experts’ reasons for not protecting themselves. Therefore, implementing those recommendations probably will not convince those non-experts to protect themselves, which may partially explain why warning messages that implement current recommendations improve user compliance but to levels that are still lower than desired. Our results also highlight the need for future research that could lead to new warning message design recommendations that better address non-experts’ reasons for not protecting themselves.

Original languageEnglish
JournalInternational Journal of Human-Computer Interaction
DOIs
StateAccepted/In press - 2021

Fingerprint Dive into the research topics of 'Do Warning Message Design Recommendations Address Why Non-experts Do Not Protect Themselves from Cybersecurity Threats? A Review'. Together they form a unique fingerprint.

Cite this