High Risk Websites has a market
For any business organization, it is not enough to create a secure information architecture. To stay safe, companies must address the human factors that affect cybersecurity. When employees take computer security lightly, they put the organization’s systems at risk.
In a study published by the Americas Conference on Information Systems (AMCIS), researchers Li-Chiou Chen and Daniel Farkas at Pace University, New York, conducted a study that sought to understand how people make computer security decisions. They wanted to know if users would be willing to buy from a shady website if the price was lower than at a more secure online store. They sought to understand how much lower the price would have to be for the user to be comfortable enough to purchase on the shady website.
Monetary Rewards, Culture, and Security Skills
The study involved 131 undergraduate and graduate students taking courses both in-person and online at a university in the U.S, 121 of which completed the whole survey. The participants included graduate students from Bangalore, India, who were taking the courses over the internet.
In one scenario, the subjects were presented with a situation where they could buy a digital camera at a low price but from a website with a heightened security risk.
41% chose to buy the camera while 59% declined regardless of how much cheaper the camera was on the online store that had security risk.
Other findings of the study include:
- Culture was an important factor in whether a participant was willing to tradeoff security for a reward. The Indian students accepted the reward at a higher rate than non-Indian students.
- Students who had more security skills, like using software that detects spyware, or encryption in emails, were more likely to reject monetary rewards than those with no security skills. The participants who had more security skills had a higher perception of computer security risk. They were unwilling to accept a monetary reward because of the possibility that doing so could compromise their computer security. Training users in computer security could be the key to reducing cybersecurity risks.