Security by Behavioural Design: A Feasibility Study

To improve end-user behaviour, many organisations turn to awareness campaigns or training initiatives. The first uses posters, flyers, slogans and other types of communication to share the importance of cybersecurity with employees. However, the effectiveness of such campaigns is unknown (van Steen et al., 2020). Training end-users can be effective, but not all behaviours require extensive skills. One other method to improve end-users’ behaviour is to design software in such a way that end-users are more likely to behave in a secure fashion.