What breach? Measuring online awareness of security incidents by studying real-world browsing behavior

Sruti Bhagavatula, Lujo Bauer, Apu Kapadia

Research output: Chapter in Book/Report/Conference proceedingConference contribution


Learning about real-world security incidents and data breaches can inform people how their information is vulnerable online and thus encourage safer security behavior. This paper examines 1) how often people read about security incidents online, 2) of those people, whether and to what extent they follow up with an action (e.g., trying to read more about the incident), and 3) what influences the likelihood that they will read about an incident and take some action. Our quantitative study of the real-world internet-browsing behavior of 303 participants finds a low level of awareness. Only 16% of participants visited any web page related to six widely publicized large-scale security incidents; few read about an incident even when it was likely to have affected them. We also found that more severe incidents and articles that constructively spoke about the incident were associated with more action. Our findings highlight two issues: 1) security awareness needs to be increased; and 2) current awareness is so low that expecting users to be aware and take remedial action may not be effective.

Original languageEnglish (US)
Title of host publicationProceedings - EuroUSEC 2021
Subtitle of host publication2021 European Symposium on Usable Security
PublisherAssociation for Computing Machinery
Number of pages20
ISBN (Electronic)9781450384230
StatePublished - Oct 11 2021
Externally publishedYes
Event2021 European Symposium on Usable Security, EuroUSEC 2021 - Virtual, Online, Germany
Duration: Oct 11 2021Oct 12 2021

Publication series

NameACM International Conference Proceeding Series


Conference2021 European Symposium on Usable Security, EuroUSEC 2021
CityVirtual, Online


  • Data breaches
  • Security awareness
  • Security incidents

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications


Dive into the research topics of 'What breach? Measuring online awareness of security incidents by studying real-world browsing behavior'. Together they form a unique fingerprint.

Cite this