Information security (InfoSec) represents a significant challenge for private citizens, corporations, and government entities. Breaches of InfoSec, may lower consumer confidence (Yayla & Hu, 2011), shape national and international politics (Groll, 2017), and represent a significant threat to the world economy (e.g., estimated costs of breaches related to cybercrime were $3 trillion in 2015; Cybersecurity Ventures). Significant progress has been made in the context of developing and refining hardware and software infrastructure to thwart cybercrime (Ayuso, Gasca, & Lefevre, 2012; Choo, 2011). However, much less attention has been devoted to understanding the factors that lead individuals within an organization to compromise the digital assets of a company or government entity (Posey, Bennett, & Roberts, 2011; Warkentin & Willison, 2009). The need to for a greater understanding of the causes of insider threat becomes readily apparent when one considers that roughly 50% of security violations result from the activities of individuals within an organization (Richardson, 2011). Additionally, in a recent survey 89% of respondents felt that their organizations were at risk from an insider attack, and 34% felt very or extremely vulnerable (Vormetric Data Security, 2015). In this paper we describe our program of research that examines the neural basis of individual decision making related to InfoSec, and is grounded in a social cognitive neuroscience approach. We also consider evidence from studies examining the effects of individual and cultural differences on decision making related to InfoSec. Together this evidence may serve to motivate future research that integrates theories from neuroscience and the social and behavioral sciences in order to deepen our understanding of the factors that lead individuals to compromise InfoSec.
West, Robert, Kaitlyn Malley, Bridget Kirby, and Qing Hu. "A Social Cognitive Neuroscience Approach to Information Security." (2017).