Cyber Security Awareness Campaigns: Why do they fail to change behaviour?

The present paper focuses on Cyber Security Awareness Campaigns, and aims to identify key factors regarding security which may lead them to failing to appropriately change people’s behaviour. Past and current efforts to improve information-security practices and promote a sustainable society have not had the desired impact. It is important therefore to critically reflect on the challenges involved in improving information-security behaviours for citizens, consumers and employees. In particular, this paper considers these challenges from a Psychology perspective, as we believe that understanding how people perceive risks is critical to creating effective awareness campaigns.

The article reviews the suitability of persuasion techniques, including the widely used ‘fear appeals’. From this range of literature, an essential components for an awareness campaign is extracted as well as factors which can lead to a campaign’s success or failure. Finally, examples of existing awareness campaigns in different cultures (the UK and Africa) are presented and reflected upon.