| Title | Who Would Bob Blame? Factors in Blame Attribution in Cyberattacks Among the Non-Adopting Population in the Context of 2FA |
| Publication Type | Conference Paper |
| Year of Publication | 2020 |
| Authors | Peck, Sarah Marie, Khan, Mohammad Maifi Hasan, Fahim, Md Abdullah Al, Coman, Emil N, Jensen, Theodore, Albayram, Yusuf |
| Conference Name | 2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC) |
| Keywords | attribution, Biological system modeling, Blame Attribution, Companies, composability, computer security, cybersecurity, Electronic mail, Human Behavior, Metrics, pubcrawl, risk communication, Sociology, Statistics |
| Abstract | This study focuses on identifying the factors contributing to a sense of personal responsibility that could improve understanding of insecure cybersecurity behavior and guide research toward more effective messaging targeting non-adopting populations. Towards that, we ran a 2(account type) x2(usage scenario) x2(message type) between-group study with 237 United States adult participants on Amazon MTurk, and investigated how the non-adopting population allocates blame, and under what circumstances they blame the end user among the parties who hold responsibility: the software companies holding data, the attackers exposing data, and others. We find users primarily hold service providers accountable for breaches but they feel the same companies should not enforce stronger security policies on users. Results indicate that people do hold end users accountable for their behavior in the event of a breach, especially when the users' behavior affects others. Implications of our findings in risk communication is discussed in the paper. |
| DOI | 10.1109/COMPSAC48688.2020.0-166 |
| Citation Key | peck_who_2020 |
Who Would Bob Blame? Factors in Blame Attribution in Cyberattacks Among the Non-Adopting Population in the Context of 2FA