The Development of Intervention E-Learning Materials and Implementation Techniques For Cyber-Security Behaviour Change

Many organisations show compliance in running security awareness programmes, but this does not necessarily mean end users will change their behavior. This highlights one of the main challenges in cyber security. Providing awareness in a tool is a useful first step but it doesn’t necessarily lead to changing behaviour [3]. In contrast, completing compliance or achieving competence can actually lead people to being more averse to change than before or even partaking in risky behaviour. This paper describes the collaboration between a specialist computer business (LiMETOOLS) and psychology academics to draw on psychology theory (e.g. Social Cognitive Theory, [4]) and pedagogy (e.g. self-directed learning) to create innovative techniques using interactive learning tools resulting in behaviour change. The aim of this article is to show how we have moved beyond developing materials that change awareness, to those that effectively change digital behaviour. We examine methodologies that can be integrated within online learning tools to embed text, video clips, gamification, and quizzes to encourage measurable cyber security behaviour change. A challenge within behaviour change is the maintenance of these behaviours and we are exploring the potential impact of using ‘drip-feed learning’ in the form of a short video magazine with embedded quizzes and ‘nudges’ of behaviour changes that have previously learnt, delivered over a long period of time in very short stimulus packages.