ABSTRACT

Cybersecurity is often thought of as a technological issue, but it is a phenomenon that is fundamentally driven by human behaviour and decision making. Research has been conducted on how to use prevention, harm reduction, and behaviour change techniques to improve cybersecurity, although it could be argued that to date this work has not made full use of the extensive evidence that comes from psychological research into behaviour change in other areas. This chapter explores some of the theories that have been used as the basis for behaviour change and prevention work in cybersecurity, including Nudge Theory, COM-B, the Theory of Planned Behaviour and Social Cognitive Theory. Overlaps between these models are identified, and the barriers that may hinder the implementation of these theories in real-world settings are discussed. It is noted that prevention and behaviour strategies should not be limited to those who may be the target of cyber-attacks, but should also extend to those who may become involved in cybercrime as attackers.