User Perception of Data Breaches

Zahra Hassanzadeh (Public Works and Government Services Canada); Robert Biddle (Carleton University); Sky Marsen (Flinders University)

Abstract

Background: Data breaches happen when an unauthorized party gains access to personally identifiable information. They are becoming more common and impactful, raising serious concerns for individuals as well as companies.

Literature review: Although there is considerable literature on users’ mental models in security and privacy, there has been limited study of mental models related to data breaches.

Research questions: 1. How do users understand data breaches? 2. What are their perceptions of the causes, responsibilities, and consequences, as well as possible prevention and appropriate follow up?

Methodology: We explored end-user understanding of internet data breaches by conducting a study with 35 participants. They were asked to draw their understanding of data breaches and answer some open-ended and closed-ended questions afterwards.

Results/discussion: Although their drawings varied in detail and complexity, we identified four patterns in the participants’ drawings: they illustrated abstractions of attacks to gain administrator access, end-user access, backdoor access, or access using database server vulnerabilities. We found that participants had a basic model of how an internet data breach happens, but with significant uncertainties regarding system vulnerabilities, causes, consequences, prevention methods, and follow-up steps after a breach.

Conclusions: In all, end-user mental models of internet data breaches are basic and show gaps that emphasize the need for improved communication to increase users’ awareness and help them hold companies accountable.

Journal: IEEE Transactions on Professional Communication
Published: 2021-12-01
DOI: 10.1109/tpc.2021.3110545
Open Access: Closed
