Around 80 percent of home computer users who admit that they don’t take measures to protect their online security cite laziness as the reason, a PhD study from Victoria University of Wellington has found.
“At home there’s no punishment for not taking measures to protect yourself so it really comes down to individual initiative.
“I was surprised that so many people said they were too lazy to deal with the issue, although I suspect sometimes this was to conceal a lack of knowledge, as people prefer to be seen as lazy rather than incompetent. But others simply weren’t concerned about their own cybersecurity,” said Nicole Braun, a masters student in information systems, who conducted the research.
She conducted the research to understand why home users do not adequately protect themselves online, despite extensive media coverage.
Braun identified five animals that characterise the most typical security users, and suggests the best way of reaching each group. They are the: mouse (timid, low confidence), ostrich (low awareness, ignores the risks), coyote (knowledgeable but willing to take risks if the payoff is there), dark horse (good at protecting their security but lack confidence) and cockerel (proud of their security knowledge).
“Some people are blindly trusting of every website they come across, without considering that legitimate websites can get hacked, so don't feel the need to take preventative measures.
“Then there are the people who think they will be safe from all harm as long as they use anti-virus software. However, we’re seeing more and more that just using anti-virus software isn’t enough.”
People’s previous experience was found to impact on how confident they felt in their ability to protect themselves. For instance, people who had experienced a virus on their computer that had either made them lose data or money from credit card fraud were more confident if they had managed to solve the problem.
Reliance on others was also found to be common, particularly women who relied on their husbands to protect them, or older users who were reliant on their children. “It takes time to find out what steps can be taken to protect yourself, so many of these people were happy to leave the problem in someone else’s hands.”
“My research made it clear that creating a ‘one size fits all’ security message isn’t effective, as you are dealing with such a range of personality types. I’d like to see more tailored messages getting out there,” she said.
Braun’s research was supervised by Dr Val Hooper, an associate professor and PhD programme director Dr Dan Dorner both in the school of information management.