The nudge puzzle: matching nudge interventions to cybersecurity decisions

Verena Zimmermann, Karen Renaud

Research output: Contribution to journalArticlepeer-review

42 Citations (Scopus)
280 Downloads (Pure)

Abstract

Nudging is a promising approach, in terms of influencing people to make advisable choices in a range of domains, including cybersecurity. However, the processes underlying the concept and the nudge’s effectiveness in different contexts, and in the long term, are still poorly understood. Our research thus first reviewed the nudge concept and differentiated it from other interventions before applying it to the cybersecurity area. We then carried out an empirical study to assess the effectiveness of three different nudge-related interventions on four types of cybersecurity-specific decisions. Our study demonstrated that the combination of a simple nudge and information provision, termed a “hybrid nudge,” was at least as, and in some decision contexts even more effective in encouraging secure choices as the simple nudge on its own. This indicates that the inclusion of information when deploying a nudge, thereby increasing the intervention’s transparency, does not necessarily diminish its effectiveness.
A follow-up study explored the educational and long-term impact of our tested nudge interventions to encourage secure choices. The results indicate that the impact of the initial nudges, of all kinds, did not endure. We conclude by discussing our findings and their implications for research and practice.
Original languageEnglish
Article number7
Pages (from-to)1-45
Number of pages45
JournalACM Transactions on Computer-Human Interaction
Volume28
Issue number1
DOIs
Publication statusPublished - 21 Jan 2021

Keywords

  • nudging
  • nudge theory
  • cybersecurity

Fingerprint

Dive into the research topics of 'The nudge puzzle: matching nudge interventions to cybersecurity decisions'. Together they form a unique fingerprint.

Cite this