REVIEW
What breach? Measuring online awareness of security incidents by studying real-world browsing behavior
Not yet reviewed by Pith; the record is open.
This paper has not been read by Pith yet. Machine review is queued; the pith claim, tier, and objections will appear here once it completes.
SPECIMEN: schema-true, not a live event
T0 review · schema-true
One-sentence machine reading of the paper's core claim.
pith:XXXXXXXX · record.json · timestamp
What breach? Measuring online awareness of security incidents by studying real-world browsing behavior
read the original abstract
Awareness about security and privacy risks is important for developing good security habits. Learning about real-world security incidents and data breaches can alert people to the ways in which their information is vulnerable online, thus playing a significant role in encouraging safe security behavior. This paper examines 1) how often people read about security incidents online, 2) of those people, whether and to what extent they follow up with an action, e.g., by trying to read more about the incident, and 3) what influences the likelihood that they will read about an incident and take some action. We study this by quantitatively examining real-world internet-browsing data from 303 participants. Our findings present a bleak view of awareness of security incidents. Only 16% of participants visited any web pages related to six widely publicized large-scale security incidents; few read about one even when an incident was likely to have affected them (e.g., the Equifax breach almost universally affected people with Equifax credit reports). We further found that more severe incidents as well as articles that constructively spoke about the incident inspired more action. We conclude with recommendations for specific future research and for enabling useful security incident information to reach more people.
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.