Non-Experts' Perceptions Regarding the Severity of Different Cyber-Attack Consequences: Implications for Designing Warning Messages and Modeling Threats

Natalie Lodinger; Keith Jones; Akbar Siami-Namin; Ben Widlus

doi:10.54941/ahfe1002212

AHFE International

Accelerating Open Access Science in Human Factors Engineering and Human-Centered Computing

Non-Experts' Perceptions Regarding the Severity of Different Cyber-Attack Consequences: Implications for Designing Warning Messages and Modeling Threats

Open Access

Article

Conference Proceedings

Authors: Natalie Lodinger, Keith Jones, Akbar Siami-Namin, Ben Widlus

Abstract

Cyber-defenders must account for users’ perceptions of attack consequence severity. However, research has yet to investigate such perceptions of a wide range of cyber-attack consequences. Thus, we had users rate the severity of 50 cyber-attack consequences. We then analyzed those ratings to a) understand perceived severity for each consequence, and b) compare perceived severity across select consequences. Further, we grouped ratings into the STRIDE threat model categories and c) analyzed whether perceived severity varied across those categories. The current study’s results suggest not all consequences are perceived to be equally severe; likewise, not all STRIDE threat model categories are perceived to be equally severe. Implications for designing warning messages and modeling threats are discussed.

Keywords: attack, consequence, severity, perception, cybersecurity, cyber-attack, user

DOI: 10.54941/ahfe1002212

Cite this paper

Downloads

699

Visits

1063

Download PDF

More from this volume

← Estimating Attackers’ Profiles Results in More Realistic Vulnerability Severity Scores

View all articles in Human Factors in Cybersecurity →