Cyber Security Across the Lifespan (CSALSA)


Dates: February 2017 – September 2020

Lead researchers: Professor Adam Joinson, University of Bath


The experience and understanding of cyber security is not the same for everyone. This project looked to address the fundamental challenge of how we can more fully understand a diverse range of cyber security experiences, attitudes and behaviours in order to design better, more effective cyber security services and educational materials. It considered how cyber security is understood by people over the course of their lives, and how that changing understanding relates to their risk and behaviour. People’s attitudes and behaviours towards cyber security and risk change across the lifespan in sync with their goals and aspirations, cognitive abilities and knowledge and ability to control and adapt their cyber security behaviour.

The research included interviews with families to explore how they manage cyber security in their homes, and highlighted the management of cybersecurity as an evolving process of negotiation. While parents stated that managing family security in the digital age brought new challenges, they recognised similar challenges to previous generations, including ‘stranger danger’ and chain letters, where the principle is the same, but the medium isdifferent.

Communications on cybersecurity might benefit from a reflection on this project finding – namely, that different groups have varied ways of defining cybersecurity terms. To this end, the research team produced a dictionary of key cyber security terms which reflects the terms most commonly understood and used by teenagers, working age adults and older adults. However, this variance is still not well understood.

Policy implications

This work found that the meaning of cybersecurity differs substantially between young people, those of working age, and older adults. This has implications for policy makers working on the national cyber security agenda because training and education materials might not have the impact they could if they are not recognised by people as being of concern. For example, the work established the ways that older adultscommunicate and receive information about cybersecurity and identified potential issues for the ways that government may wish to send out information targeted at older adults.

Communications on cybersecurity therefore need to address the finding that different groups have varied ways of defining cybersecurity terms.

Project findings have been communicated to the Home Office Cybercrime Unit and the DCMS Secure by Design Team.


Literature review, experiments, qualitative interviews with software developments 

Funders: EPSRC

External collaborators: NCSC, BAE Systems, HP Research Laboratories.


Posted on

December 9, 2021