User Perception of Data Breaches

Zahra Hassanzadeh (Public Works and Government Services Canada); Robert Biddle (Carleton University); Sky Marsen (Flinders University)

Abstract

Background: Data breaches happen when an unauthorized party gains access to personally identifiable information. They are becoming more common and impactful, raising serious concerns for individuals as well as companies.

Literature review: Although there is considerable literature on users’ mental models in security and privacy, there has been limited study of mental models related to data breaches.

Research questions: 1. How do users understand data breaches? 2. What are their perceptions of the causes, responsibilities, and consequences, as well as possible prevention and appropriate follow up?

Methodology: We explored end-user understanding of internet data breaches by conducting a study with 35 participants. They were asked to draw their understanding of data breaches and answer some open-ended and closed-ended questions afterwards.

Results/discussion: Although their drawings varied in detail and complexity, we identified four patterns in the participants’ drawings: they illustrated abstractions of attacks to gain administrator access, end-user access, backdoor access, or access using database server vulnerabilities. We found that participants had a basic model of how an internet data breach happens, but with significant uncertainties regarding system vulnerabilities, causes, consequences, prevention methods, and follow-up steps after a breach.

Conclusions: In all, end-user mental models of internet data breaches are basic and show gaps that emphasize the need for improved communication to increase users’ awareness and help them hold companies accountable.

Journal
IEEE Transactions on Professional Communication
Published
2021-12-01
DOI
10.1109/tpc.2021.3110545
Open Access
Closed