Self-Efficacy and Security Behavior: Results from a Systematic Review of Research Methods
2024Conference / Journal
Authors
Malte Elson M. Angela Sasse Jennifer Friedauer Imke Böse Luisa Jansen Nele Borgert
Research Hub
Research Hub D: Benutzerfreundlichkeit
Research Challenges
RC 11: End-users and Usability
Abstract
Amidst growing IT security challenges, psychological underpinnings of security behaviors have received considerable interest, e.g. cybersecurity Self-Efficacy (SE), the belief in one's own ability to enact cybersecurity-related skills. Due to diverging definitions and proposed mechanisms, research methods in this field vary considerably, potentially impeding replicable evidence and meaningful research synthesis. We report a preregistered systematic literature review investigating (a) cybersecurity SE measures, (b) SE's proposed roles, and (c) intervention approaches. We minimized selection bias by detailed exclusion criteria, interdisciplinary search strategy, and double coding. Among 174 cybersecurity SE studies (2010-2021) from 18 databases with 55,758 subjects, we identified 173 different SE measures with considerable differences in psychometric quality and validity evidence. We found 276 variables as assumed causes/outcomes of cybersecurity SE and identified 13 intervention designs. This review demonstrates the extent of methodological and conceptual fragmentation in cybersecurity SE research. We offer recommendations to inspire our research community toward standardization.