Abstract

With the surge in cyber incidents in recent years, many linked to human error, governments are quite naturally developing security campaigns to improve citizens’ security behaviour. However, it remains not only unclear how successful these campaigns are in changing behaviour, but also what established behaviour change techniques—if any—they employ in order to achieve this goal. To investigate this, we analysed 17 government-sponsored cybersecurity campaign materials. We coded the materials for their intervention functions according to the Behaviour Change Wheel and their behaviour change techniques in accordance with the Behavioural Change Technique Taxonomy (version 1). Our findings show that security campaigns are often focused on education and increasing awareness, under the assumption that as long as citizens are aware of the risk, and are provided with information on how to improve their security behaviour, behaviour will change. Additionally, there is a lack of published effectiveness studies investigating the direct effects of a governmental cybersecurity campaign. Proposed improvements to security campaigns are discussed.

中文翻译：

---

政府主导的网络安全意识运动使用哪些（如果有）行为改变技术？

摘要

近年来，随着网络事件激增，其中许多与人为错误有关，政府自然而然地开展了安全运动，以改善公民的安全行为。但是，不仅不清楚这些运动在改变行为方面有多成功，而且还不清楚为实现该目标而采用了哪些既定的行为改变技术（如果有）。为了对此进行调查，我们分析了17种政府资助的网络安全运动材料。我们根据行为改变轮和行为改变技术分类法（版本1）对它们的干预功能进行了编码。我们的研究结果表明，只要公民意识到风险，安全运动通常就着重于教育和提高意识。并提供了有关如何改善其安全行为的信息，行为将发生变化。此外，缺乏公开的有效性研究来调查政府网络安全运动的直接影响。讨论了对安全运动的建议改进。