Cyber Security Quirks: Personalised Interventions for Human Cyber Resilience

Dates: May 2020 – March 2021

Lead researchers: Dr John Blythe and Dr Inka Karppinen, Cybsafe


Existing work in the cyber security field has primarily been focussed on raising security awareness by ‘fear’ appeals as means to change behaviour and there has been little work on the role of personalisation harnessing individual differences. Together with poorly understood barriers to security behaviour change they have led to fairly generic ‘one-size-fits-all’ informational campaigns that do not serve people effectively. Thus, research lags behind interventions used within the public health sphere. Moving away from generic security awareness raising, approaches that are tailored to people’s needs and apply behavioural change techniques are needed. The overall objectives of this project were to:

• identify factors for personalisation;
• assess the usability of a personalised behaviour change intervention; and
• evaluate the effectiveness of the intervention for changing cyber security behaviour.

A rapid evidence assessment, guided by theoretical and evidence-based research, was conducted to achieve the first objective. Barriers to security behaviour change were also identified. The study also focused on the evaluation of the personalised intervention including a usability study and experimental evaluation of the effectiveness of the intervention for changing behaviour.

Policy implications

People’s idiosyncrasies are not served by the current awareness and behaviour change campaigns. Exploring the use of behaviour change techniques and personalised interventions are important for advancing current campaigns that are group level in focus and static in delivery. Many groups are under-represented in awareness campaigns (e.g. older adults) and, thus, individual differences that influence the degree to which an individual engages in an intervention, are rarely considered. This project adjusted intervention content and delivery to suit individual variability. Furthermore, this innovative approach went beyond using ‘fear’ to change behaviour by using structured approaches (e.g. Behaviour Change Wheel) to apply behaviour change techniques that are appropriate for the cyber security behavioural barriers. Personalisation of behaviour change techniques, alongside other personalisation factors (e.g. age and personality), allowed the research team to understand what combination of interventions works for individuals. These findings have wider implications on the way which cyber security behaviour change initiatives are rolled out to the general public.

Find out more

To find out more about the project please contact

Funders: Home Office


Posted on

December 9, 2021