Bernold Nieuwesteeg, director of the Center for the Law and Economics of Cyber Security at Erasmus School of Law, wrote a paper on more effective ways of combating cybercrime, together with other cybercrime experts from the Dutch Cyber Security Lab.
Users of the Internet and other digital services are often viewed as the weakest link in the cybersecurity chain. Organisations are trying to make users aware of the risks in order to protect them from things like phishing and the use of weak passwords.
Various studies have shown that only raising awareness of the risks in the digital world does not have the desired effect. Having more knowledge can even lead to less secure cyber behaviour, presumably because people with more knowledge dare to take more risks. The Cyber Security Lab addresses two issues in the search for safer cyber behaviour among users: what else should we do (besides stimulating awareness)? And how do we ensure that organisations actually go the extra mile?
Two important aspects emerge from the Cyber Security Lab's observations. First, fundamental insights into the behaviour of users and how they respond to interventions are essential. In addition, the Lab's experts realise that there is a need for more knowledge about user behaviour in both companies and academia. Behavioural science into cybersecurity is relatively new and companies do not seem to have the resources for thorough customer research.
From the research, three actions were formulated that can contribute to solving this problem. Firstly, investments must be made for developing one single vision and fundamental and practice-oriented research into behaviour within the digital world. Secondly, cooperation between industry and science must be stimulated and preconditions must be set for data exchange between companies and academia.