Delft University of Technology (TU Delft)
You have left me no choices: security economics to inform behaviour intervention support in organizations
“A security choice architecture is essentially decentralized and cannot be wholly dictated by any one stakeholder.”
- Secure working processes are often insufficiently defined or aligned with workplace pressures, resulting in gaps that could undermine security practices. The research revisited economics principles (traditional economics: rational agent; behavioural economics: bounded agent) to identify gaps in support and opportunities to do better.
- Security policies in organisations overlook (1) the brief consideration of cost and insufficient resources, (2) incomplete information and insufficient skills, (3) the quick consideration of risks and gains, by framing policy behaviours as the one choice, and (4) the quick evaluation of available behaviours, by ignoring similar behaviours.
- Therefore, when formulating a security policy, organisations need to aim for a consistent strategy by capturing users’ knowledge, testing and certifying that the update works, informing about costs, gains and losses, providing only viable options, and designing resilient choices (e.g., not updating is a choice).
More about Simon
Simon Parkin is an Assistant Professor in sociotechnical cybersecurity at Delft University of Technology (TU Delft), Netherlands. Simon’s research focus is on human-centred security – usability and perceptions of security-related technologies for employees and home users, security behaviour change, security economics, and decision-making in security management. Before joining TU Delft, Simon was a Senior Research Fellow at University College London (2012-2020). Prior to that, Simon was at Newcastle University where he also completed his PhD in 2007. Wider research interests include identifying unintended harms to users resulting from technology and policy decisions, and usability challenges in shared smart home environments.