To encourage secure online behaviour, warning messages that tell users what they can do to protect themselves are more effective than warning messages that raise fear about the risks of unsecured behaviour.

These were the conclusions of a paper recently published by our colleagues from Behavioural Insights, René van Bavel and Nuria Rodríguez-Priego.

The relevance of this paper is that too many campaigns use warning messages that raise fear, and not enough focus on telling the user what to do. Moreover, human behaviour is the weakest link in the fight against cybercrime. You might have the most technologically sophisticated programmes to protect users from cyber-threats, but as long as Internet user’s behaviour is not secure, the risk will exist. This is why it is so important to find ways to get people to behave safe online, and this is what makes this paper policy-relevant.

Rene, Nuria and the other authors conducted an online experiment on a representative sample of internet users in Germany, Sweden, Poland, Spain and the UK to explore the effect of notifications on security behaviour. Inspired by protection motivation theory (PMT), a coping message advised participants on how to minimize their exposure to risk and a threat appeal highlighted the potential negative consequences of not doing so.



In simple words, If you don’t do this, data will be compromised (threat appeal) versus You can minimise the possibility of a cyber-attack if you choose safe connections, remember to log out and use secure password – which is a coping message.

According to the paper, both increased secure behavior – but the coping message significantly more so. The coping message was also as effective as both messages combined, but not so the threat appeal. Risk attitudes, age and country had a significant effect on behavior.

In conclusion, initiatives seeking to promote secure behavior should focus more on coping messages, either alone or in combination with fear appeals.

To read more, please find their paper here:


1 comment

Leave a comment