“Cross Your Fingers and Hope You Don’t Get Hacked” : A Qualitative Study on The Psychological Factors Behind Non-Compliance with Cybersecurity Recommendations

Sammanfattning: Cybersecurity is one of the most important issues in today’s digitalized society, with new technology and security policies constantly being developed. However, one of the largest challenges threatening cybersecurity is the human factor — an aspect that is often overlooked in cybersecurity research and development. Research shows a dissonance between security awareness and level of concern and security behaviours, finding that people are likely to disregard security recommendations and circumvent security measures at the expense of their own online safety. Prominent psychological theories on the topic largely examine the issue from a cognitive, affective, or behavioural perspective, while neglecting to consider a more integrative explanation. An exploratory qualitative study was conducted through interviews with students at Uppsala University in order to identify and analyse underlying psychological phenomena influencing and guiding user behaviours, perspectives and attitudes from a multi-dimensional angle. Three main themes were identified: resignation, naivety, and convenience. Analysis of these themes in relation to existing theories suggests a significant impact on security behaviour and attitudes, through complex mechanisms of interaction and contradiction.