Despite record investment from the government and the private sector in preventing and defending against cyber attacks, cybercrime continues to rise every year. The cost of cybercrime is estimated to be around 0.8% of global GDP annually. Examples of cyber attacks include identity theft, phishing, privacy breaches and malware infections. Strong ciphers and emerging technologies such as the blockchain have been developed that provide high levels of technical assurance. However, all cybercrimes require human activity or intervention in a technical process to succeed, including clicking on inappropriate links or ads, or visiting compromised websites. Thus, the success of these attacks can largely be attributed to the human factor. It is therefore of great importance to perform fundamental research that explains (a) why ordinary people consistently make the same errors of reasoning, which facilitate malware and phishing attacks and result in very significant economic losses, and (b) why companies fail to design products that prevent cybercrime or respect privacy. For example, businesses and the government currently struggle to (a) develop, implement and evaluate appropriate cybersecurity policies, guidelines, procedures and standards, and (b) build and design products with privacy and respect for their users and the societies in which they operate, owing to the absence of appropriate theoretical frameworks, models and metrics that are clearly grounded in contemporary psychological theory.
This Research Topic will focus on basic psychological research to explain how and why cybercrime occurs, and what strategies or interventions could be useful for reducing the risk for the global internet user base. The final aim is to design systems that are more resilient in the face of determined adversaries, and which facilitate privacy by design. Therefore, we welcome submissions that address the following fields/topics:
1) Theoretical discussions of basic psychological processes (e.g., cognitive load, levels of processing, motivation, habituation, reinforcement learning) and their relationship to cybercrime victim behavior
2) Research on personality characteristics and profiles of cybercrime offenders (otherwise known as hackers), including possible autistic traits in hackers
3) Empirical studies on the development of tests or instruments to predict the cyber risk of individuals or businesses, including victim profiling
4) Population-wide studies of cyber epidemiology that can be used to profile baseline susceptibility, and potentially measure the impact of countermeasures
5) Design and evaluation of gamification and other interventions that can teach people how to thwart phishing attacks
6) Measurement of the impact of different types of warning messages and/or education, training and awareness campaigns on user behavior
7) Hacker group dynamics, including group formation and disruption
8) Models of behavioral economics and mental models of people’s understanding of the relationship between risk and reward, especially the paths by which human behavior can be manipulated