How psychology can help us build a safer digital future


Cybersecurity is a scary subject. It’s hard to talk about it without eliciting fear because the subject is, by its nature, about threats. The fear it provokes is powerful because the technology, complexity and risk that are linked with it can make some people feel powerless. Historically, experts trying to encourage stronger security have relied on scaring people because it provokes a strong response that’s wired into our brains. But we’ve found that fear is only a knee-jerk reaction and it fails when it comes to getting people to make long-term changes to the behavior.

There’s good news, though. Social scientists have made some interesting observations that build on our natural behavioral biases and tendencies which, when properly stimulated, can spur the engagement and empowerment that lead people to take steps to make their digital lives safer and more secure. 

Jessica Barker, co-founder, Cygenta

Jessica Barker, co-founder, Cygenta

Getting people to understand what they can do to protect themselves depends on connecting a series of ideas: They have control over their security; the problem applies to them; and they are equipped with the tools to succeed. The whole message is crucial — if a link is missing, the chain falls apart.

The first key to successful behavioral change appeals is sharing steps people can take. Early psychological studies that showed viewers scary images about tetanus found they were much more likely to get vaccinated when they were given information about where to go for it compared with those who just saw the images and heard the scary stories. Including information about the solution to the problem is key, and there should be three or four steps rather than a checklist of 10 or 20.

We can also tap into people’s wired-in psychological bias toward optimism. Neuroscientists have shown that 80% of people approach their futures with a positive outlook. Whatever the world’s problems, most people regard their situation as good and think common difficulties don’t apply to them. (It’s also one reason appeals to fear don’t work well.)  If told that a few simple steps can raise the success rate for a safety measure to 98%, optimists will readily follow through.

Another internal bias we can draw on is social proof — the preference people in uncertain situations have for seeking guidance from the crowd. If an employer shares the message that 80% of workers passed a security test, those who didn’t will feel encouraged to follow their peers and improve their digital security. That kind of appeal also draws on our preference for positive messages stemming from the optimism bias. Negative messages about the widespread use of weak passwords turn social proof against us, leading people to think that because everyone else is unsecured, they do not need to take precautions.

If we create a culture where people are given the tools to succeed and reinforce a positive message that gives people a reason to join their peers by taking doable steps, we can persuade more people to embrace a safer, more secure digital life.