Login or signup to connect with paper authors and to register for specific Author Connect sessions (if available).
An Organizational Field Experiment on Phishing and Cybersecurity Risk Homeostasis Theory
Katharina Hobbensiefken, Bryan Balk, Andreas Peter, Philipp Staudt
Phishing remains a persistent cybersecurity threat, with attackers continuously refining their techniques to evade detection. This study applies Risk Homeostasis Theory (RHT) to understand employee behavior in response to phishing attacks within a large organization. Through a 2x2 between-subjects field experiment involving 400 employees, we assess the impact of cybersecurity training and phishing incident reports on phishing susceptibility. Our findings suggest that general cybersecurity training alone does not immediately reduce phishing risk, but phishing-specific training significantly improves employee susceptibility. Regular phishing incident reports initially enhance risk awareness and reduce susceptibility; however, this effect diminishes over time. Interestingly, combining training and reports does not yield significant improvements, raising questions about the effect of combined interventions. This study provides the first empirical insights into RHT’s application in cybersecurity and highlights the importance of targeted interventions to enhance organizational resilience against phishing threats.
AuthorConnect Sessions
No sessions scheduled yet