A recent webinar hosted Cyber Security Academic and Advisor Dr. Jay Jeong and LogMeIn/LastPass Senior Manager and Account Executive Lloyd Evans, who discussed the cognitive dissonance between the attitudes of individuals and organizations and what they actually do.
The differences between what we say and what we do
Cognitive dissonance (the gap between our beliefs, opinions and attitudes and our behaviour in practice) is a real issue in cyber security, and in password security in particular. The truth is that nearly everyone knows what a good password looks like and what the best practices for password management are; however, a much smaller proportion of individuals actually put them into practice.
Many in cyber security have asked why, despite the plethora of password managers and multi-factor authentication applications available and the numerous benefits of using them, adoption remains so difficult.
The behavioural science behind why we do the things we do
There are 4 components that Jay identified that impact a person’s decision to adopt a specific behaviour. They include:
- Performance Expectancy – If I adopt this, will it benefit me?
- Effort Expectancy – Is the application easy and intuitive to use?
- Social Influence – Are the people around me using and talking about this technology?
- Facilitating Conditions – Will it do what it says it will do? Can I expect sufficient support from the developers and my organization?
Take, for example, Multi-Factor Authentication (MFA). There are a number of intuitive and easy-to-use MFA applications for mobile available, with many more on the way that make it even easier, so many users would rank MFA high on Effort Expectancy. However, MFA developers will fail to gain sufficient traction if they don't educate users on why specifically it is beneficial to use: that is the Performance Expectancy part.
An increase in any of the four components raises the likelihood that an individual chooses to adopt a given technology or behaviour. However, if these 4 elements are absent when cyber security procedures are introduced, then changing attitudes and behaviour is far more difficult.