Revealing the cyber security non-compliance "attribution gulf"

Jacques Ophoff, Karen Renaud

Research output: Chapter in Book/Report/Conference proceedingConference contribution book

1 Downloads (Pure)

Abstract


Non-compliance is a well-known issue in the field of cyber security. Non-compliance usually manifests in an individual's sins of omission or commission, and it is easy to conclude that the problem is attributable to their personal flawed decision making. However, the individual's decision not to comply is likely also to be influenced by a range of environmental and contextual factors. Bordieu, for example, suggests that personal habitus influences decisions. We identified a wide range of possible explanations for non-compliance from the research literature and classified these, finding that a number of the identified factors were indeed habitus related. We then used Q-methodology to determine which of these non-compliance explanations aligned with public attributions of non-compliance causatives. We discovered an "attribution gulf", with popular opinion attributing non-compliance primarily to individual failings or ignorance. The existence of this attribution gap means that those designing cyber security interventions are likely to neglect the influence of habitus on choices and decisions. We need to broaden our focus if non-compliance is to be reduced.
Original languageEnglish
Title of host publicationProceedings of the 54th Annual Hawaii International Conference on System Sciences, HICSS 2021
EditorsTung X. Bui
Place of PublicationHonolulu, HI
Pages4557-4566
Number of pages10
ISBN (Electronic)9780998133140
Publication statusPublished - 5 Jan 2021
EventInternational Conference on System Sciences - Virtual, Hawaii, United States
Duration: 5 Jan 20218 Jan 2021
https://scholarspace.manoa.hawaii.edu/handle/10125/72112

Publication series

NameProceedings of the Annual Hawaii International Conference on System Sciences
Volume2020-January
ISSN (Print)1530-1605

Conference

ConferenceInternational Conference on System Sciences
Abbreviated title HICSS 54
Country/TerritoryUnited States
CityHawaii
Period5/01/218/01/21
Internet address

Keywords

  • cyber security
  • non-compliance
  • attribution gulf
  • Bordieu
  • habitus
  • decision making
  • common wisdom

Fingerprint

Dive into the research topics of 'Revealing the cyber security non-compliance "attribution gulf"'. Together they form a unique fingerprint.

Cite this