What breach? Measuring online awareness of security incidents by studying real-world browsing behavior

Sruti Bhagavatula, Lujo Bauer, Apu Kapadia

Research output: Chapter in Book/Report/Conference proceedingConference contribution

5 Scopus citations

Abstract

Learning about real-world security incidents and data breaches can inform people how their information is vulnerable online and thus encourage safer security behavior. This paper examines 1) how often people read about security incidents online, 2) of those people, whether and to what extent they follow up with an action (e.g., trying to read more about the incident), and 3) what influences the likelihood that they will read about an incident and take some action. Our quantitative study of the real-world internet-browsing behavior of 303 participants finds a low level of awareness. Only 16% of participants visited any web page related to six widely publicized large-scale security incidents; few read about an incident even when it was likely to have affected them. We also found that more severe incidents and articles that constructively spoke about the incident were associated with more action. Our findings highlight two issues: 1) security awareness needs to be increased; and 2) current awareness is so low that expecting users to be aware and take remedial action may not be effective.

Original languageEnglish (US)
Title of host publicationProceedings - EuroUSEC 2021
Subtitle of host publication2021 European Symposium on Usable Security
PublisherAssociation for Computing Machinery
Pages180-199
Number of pages20
ISBN (Electronic)9781450384230
DOIs
StatePublished - Oct 11 2021
Event2021 European Symposium on Usable Security, EuroUSEC 2021 - Virtual, Online, Germany
Duration: Oct 11 2021Oct 12 2021

Publication series

NameACM International Conference Proceeding Series

Conference

Conference2021 European Symposium on Usable Security, EuroUSEC 2021
Country/TerritoryGermany
CityVirtual, Online
Period10/11/2110/12/21

Funding

This work was supported in part by the Carnegie Mellon University CyLab Security and Privacy Institute. Parts of the dataset we used were created through work supported by the National Security Agency under Award No. H9823018D0008. We would also like to thank Jeremy Thomas and Sarah Pearman for help with working with the SBO data.

Keywords

  • Data breaches
  • Security awareness
  • Security incidents

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'What breach? Measuring online awareness of security incidents by studying real-world browsing behavior'. Together they form a unique fingerprint.

Cite this