Falling and failing (to learn) : Evidence from a nation-wide cybersecurity field experiment with SMEs
Fiche du document
1 février 2025
- ISIDORE Id: 10670/1.8c8279...
- hal: hal-04875787
- doi: 10.1016/j.jebo.2024.106868
Ce document est lié à :
info:eu-repo/semantics/altIdentifier/doi/10.1016/j.jebo.2024.106868
info:eu-repo/semantics/OpenAccess
Sujets proches
Carding (Internet fraud) Spoofing, Brand (Internet fraud) Brand spoofing (Internet fraud)Citer ce document
David Gonzalez-Jimenez et al., « Falling and failing (to learn) : Evidence from a nation-wide cybersecurity field experiment with SMEs », HAL SHS (Sciences de l’Homme et de la Société), ID : 10.1016/j.jebo.2024.106868
Métriques
Partage / Export
Résumé
Prior experiences are crucial in shaping risk prevention behavior. Previous studies have shown that experiencing a simulated phishing attack (a “phishing drill”) reduces the likelihood of clicking on unsafe links and disclosing one’s password. In a large field experiment involving 670 small and medium-sized enterprises (SMEs) and their 33,000 employees, we examined the impact of experience on individuals’ ability to detect cyber-security threats, and whether this effect persisted over several months. We collected data at both the company and individual levels, including risk preference, time preference, and trust. Our findings indicate only a non-systematic, short-term effect of previous phishing emails on clicking behavior. A cluster of individuals with greater patience, trust, and risk seeking was more likely to click on phishing links in the first place but then also more likely to benefit from phishing drills.
