Falling and failing (to learn): Evidence from a nation-wide cybersecurity field experiment with SMEs
David Gonzalez-Jimenez, Francesco Capozza, Thomas Dirkmaat, Evelien van de Veer, Amber van Druten, Aurélien Baillon
Journal of Economic Behavior & Organization, volume 230, Article 106868. Publication date: 2025-02-01.
DOI: 10.1016/j.jebo.2024.106868
URL: https://www.sciencedirect.com/science/article/pii/S0167268124004827
Citation count: 0
Abstract
Prior experiences are crucial in shaping risk prevention behavior. Previous studies have shown that experiencing a simulated phishing attack (a “phishing drill”) reduces the likelihood of clicking on unsafe links and disclosing one’s password. In a large field experiment involving 670 small and medium-sized enterprises (SMEs) and their 33,000 employees, we examined the impact of experience on individuals’ ability to detect cyber-security threats, and whether this effect persisted over several months. We collected data at both the company and individual levels, including risk preference, time preference, and trust. Our findings indicate only a non-systematic, short-term effect of previous phishing emails on clicking behavior. A cluster of individuals with greater patience, trust, and risk seeking was more likely to click on phishing links in the first place but then also more likely to benefit from phishing drills.
About the journal:
The Journal of Economic Behavior and Organization is devoted to theoretical and empirical research concerning economic decision, organization and behavior and to economic change in all its aspects. Its specific purposes are to foster an improved understanding of how human cognitive, computational and informational characteristics influence the working of economic organizations and market economies and how an economy's structural features lead to various types of micro and macro behavior, to changing patterns of development and to institutional evolution. Research with these purposes that explores the interrelations of economics with other disciplines such as biology, psychology, law, anthropology, sociology and mathematics is particularly welcome.