Anecdotal stories about security threats told to non-experts by friends, peers, or the media have been shown to be im- portant in forming mental models and secure behaviors. In 2012, Rader et al. conducted a survey (n=301) of security stories with a student sample to determine factors that influence security perceptions and behavior. We replicated this survey with a more diverse sample (n=299), including different age groups and educational backgrounds. We were able to confirm many of the original findings, providing further evidence that certain characteristics of stories increase the likelihood of learning and retelling. Moreover, we contribute new insights into how people learn from stories, such as that younger and higher educated people are less likely to change their thinking or be emotionally influenced by stories. We (re)discovered all of the threat themes found by Rader et al., suggesting that these threats have not been eliminated in the last decade, and found new ones such as ransomware and data breaches. Our findings help to improve the design of security advise and education for non-experts.
History
Preferred Citation
Katharina Pfeffer, Alexandra Mai, Edgar Weippl, Emilee Rader and Katharina Krombholz. Replication: Stories as Informal Lessons about Security. In: Symposium on Usable Privacy and Security (SOUPS). 2022.
Primary Research Area
Empirical and Behavioral Security
Name of Conference
Symposium on Usable Privacy and Security (SOUPS)
Legacy Posted Date
2022-08-05
Open Access Type
Green
BibTeX
@inproceedings{cispa_all_3741,
title = "Replication: Stories as Informal Lessons about Security",
author = "Pfeffer, Katharina and Mai, Alexandra and Weippl, Edgar and Rader, Emilee and Krombholz, Katharina",
booktitle="{Symposium on Usable Privacy and Security (SOUPS)}",
year="2022",
}