Dr Inka Karppinen
Lead Behavioral Scientist
Cyber security quirks
How can we personalise security training and awareness programmes to improve human cyber resilience?
Dr Inka Karppinen, CPsychol is a Lead Behavioural Scientist with a passion for cyberpsychology. She works for CybSafe, an award-winning start-up changing the way people think about human cyber risk. Inka is interested in all aspects of helping people, which has led her on a unique path encompassing both industry and academia.
She has an MRes and a PhD in Security and Crime Science from the University College London (UCL) and MSc in Occupational Psychology from Birkbeck. She is a Chartered Psychologist with the British Psychological Society (BPS) and an expert fellow of the Security, Privacy, Identity, Trust Engagement NetworkPlus (Sprite+). She is a strong advocate for bringing together people involved in research, practice and policy.
Inka applies mixed methods research techniques to uncover people’s cyber security attitudes and behaviours and designs digital interventions. She loves translating the latest findings into real-world, workable solutions that have a meaningful impact on people’s lives.
Existing work in the cyber security field has primarily been focussed on raising security awareness by ‘fear’ appeals as a means to change behaviour and there has been little work on the role of personalisation. Together with poorly understood barriers to security behaviour change, they have led to fairly generic ‘one-size-fits-all’ informational campaigns that do not serve people effectively. The challenge with any approach that uses personalisation is ensuring that it uses the correct factors and logic to determine what to personalise. Guided by theoretical and evidence-based research, we assessed common barriers to security behaviour change using the National Cyber Security Centre’s key behaviours for staying safe online.
The Capability, Opportunity and Motivation – Behaviour (COM-B) model was used as the base framework. We examined a range of individual factors that could be used for their potential for personalisation and applied Behaviour Change Techniques (BCTs) for our digital intervention. In this presentation, we cover key personalisation factors and shed light into the development of our digital intervention sharing both qualitative and quantitative results of its effectiveness. This year-long project helped to inform what personalisation factors and techniques could be used within security awareness and training at an individual level. These learnings could also be implemented at an organisational level by cyber security professionals informing their cyber security programmes.