30 Communicating to Mitigate Behavioral Cyber Risks: The Case of Employee Vulnerability
-
Albena Björck
Abstract
Cyber-attacks are an increasingly significant safety and risk issue for companies of any size and many organizations have already been attacked. Preparing for such an event is imperative for every organization - besides up-to-date technological infrastructure, employee awareness, and alert online behavior are critical components of any defense mechanism. Although the importance of and urgency for employee preparedness and the role of cyber-risk communication in that process have been stressed in academic papers and business practice, there remains a dire need for empirical research. Thus, we investigate the hidden mental models driving employee behavior by applying structured brainstorming to distill common themes and define communication goals. We then translate these insights into instructional risk messages and actions. Our study contributes to the field of internal risk and safety communication in numerous ways: First, by focusing on the employee risk perceptions of cyber risk we unpack the internalization triggering the effect of learning and behavioral change in a pre-crisis phase. Second, we develop risk communication messages targeting these perceptions and internalization goals. Lastly, we develop a diagnostic questionnaire to evaluate the cyber-risk readiness and maturity of the employees in order to customize the risk communication effort.
Abstract
Cyber-attacks are an increasingly significant safety and risk issue for companies of any size and many organizations have already been attacked. Preparing for such an event is imperative for every organization - besides up-to-date technological infrastructure, employee awareness, and alert online behavior are critical components of any defense mechanism. Although the importance of and urgency for employee preparedness and the role of cyber-risk communication in that process have been stressed in academic papers and business practice, there remains a dire need for empirical research. Thus, we investigate the hidden mental models driving employee behavior by applying structured brainstorming to distill common themes and define communication goals. We then translate these insights into instructional risk messages and actions. Our study contributes to the field of internal risk and safety communication in numerous ways: First, by focusing on the employee risk perceptions of cyber risk we unpack the internalization triggering the effect of learning and behavioral change in a pre-crisis phase. Second, we develop risk communication messages targeting these perceptions and internalization goals. Lastly, we develop a diagnostic questionnaire to evaluate the cyber-risk readiness and maturity of the employees in order to customize the risk communication effort.
Chapters in this book
- Frontmatter I
- Preface to Handbooks of Communication Science series V
- Contents VII
- 1 Introduction: Unique Challenges and Opportunities in Communicating Risk and Safety 1
-
Section 1: Fundamental Principles and Perspectives When Communicating Risk and Safety
- 2 Communicating Safety and Risk: Advancement of a Field in Constant Uncertainty 13
- 3 Communicating with Numbers: Challenges and Potential Solutions 33
- 4 Translating Data into Intelligible Risk and Safety Guidelines 57
- 5 Disaster Fatigue, Communication, and Resilience: Insights from Natural Hazards, Human-Caused Disasters, and Public Health Crises 77
- 6 The COVID-19 Pandemic as Exemplar of the Chaos of Mega-Crises 97
-
Section 2: Rhetorical Considerations When Communicating Risk and Safety
- 7 Rhetorical Sensitivity and Crisis and Risk Communication: Extension of a Theory 111
- 8 Emotions in Risk and Crisis Communication: An Individual and Networked Perspective 123
- 9 Narratives in Collision: Crisis and Pragmatic Dialogic Learning 143
- 10 Applying Dialogic Theory to Risk and Problem Solving 159
- 11 Embracing Dialogue While Cultivating Convergence: Organizational Challenges in Responsibly Communicating Risk 179
- 12 The Function of Stasis in Risk and Safety Controversies 197
-
Section 3: Ethical Dilemmas When Communicating Risk and Safety
- 13 Risk Communication: A Communication Ethics Perspective 219
- 14 The Ethic of First and Second Things in Communicating Risk and Safety 237
- 15 Ethical Obligations in Communicating Risk and Safety: Standards of Dialogue, Uncertainty, Change, and Truthfulness 255
-
Section 4: Cultural Imperatives When Communicating Risk and Safety
- 16 Culture-centered Approach to Risk Communication 269
- 17 “All Knowledge Is Local”: The PEN-3 Model as a Guide to Overcoming Western/ European Bias in Risk Communication about Global Health Concerns in East Africa 285
- 18 Communities of Practice Approach to Safety Communication 301
-
Section 5: Instructional Perspectives and Compliance-Gaining When Communicating Risk and Safety
- 19 Instruction as Self-Protection 321
- 20 Mobile Instructional Communication for Public Safety and Community Resilience 339
- 21 From Risks to Crisis Society: The Drivers of the Public Health Communication Paradigm Shift 359
- 22 Earthquake Risk Communication of Individual Protective Actions for Big Earthquakes: A Situational Choreography Model Based on Social Communication Engineering 379
-
Section 6: Media and Technological Considerations When Communicating Risk and Safety
- 23 Risk Information Seeking and Processing Model 413
- 24 Understanding Contemporary Infodemics through the Risk Amplification through Media Spread (RAMS) Model 453
- 25 Spotting Risks: How to Integrate Social Media Listening to a Framework of Assessing Risks 473
- 26 Emergent Organizations and Post-Disaster Risk: Volunteerism in the Digital Age 493
- 27 Communicating and Perceiving Risks of Artificial Intelligence as an Emerging Technology 503
-
Section 7: Future Considerations: Untangling Issues of (Mis)Trust When Communicating Risk and Safety
- 28 The Role of Trust and Distrust in Risk and Safety Communication 529
- 29 It’s Complicated . . . : Exploring Vaccination Attitudes and the Vaccination Infodemic in the UK throughout the COVID-19 Pandemic 551
- 30 Communicating to Mitigate Behavioral Cyber Risks: The Case of Employee Vulnerability 585
- 31 Building or Unbuilding Trust? A Reflection on Governments, News Media, and Businesses’ Communication during the COVID-19 Pandemic 607
- Contributors 627
- Index 637
Chapters in this book
- Frontmatter I
- Preface to Handbooks of Communication Science series V
- Contents VII
- 1 Introduction: Unique Challenges and Opportunities in Communicating Risk and Safety 1
-
Section 1: Fundamental Principles and Perspectives When Communicating Risk and Safety
- 2 Communicating Safety and Risk: Advancement of a Field in Constant Uncertainty 13
- 3 Communicating with Numbers: Challenges and Potential Solutions 33
- 4 Translating Data into Intelligible Risk and Safety Guidelines 57
- 5 Disaster Fatigue, Communication, and Resilience: Insights from Natural Hazards, Human-Caused Disasters, and Public Health Crises 77
- 6 The COVID-19 Pandemic as Exemplar of the Chaos of Mega-Crises 97
-
Section 2: Rhetorical Considerations When Communicating Risk and Safety
- 7 Rhetorical Sensitivity and Crisis and Risk Communication: Extension of a Theory 111
- 8 Emotions in Risk and Crisis Communication: An Individual and Networked Perspective 123
- 9 Narratives in Collision: Crisis and Pragmatic Dialogic Learning 143
- 10 Applying Dialogic Theory to Risk and Problem Solving 159
- 11 Embracing Dialogue While Cultivating Convergence: Organizational Challenges in Responsibly Communicating Risk 179
- 12 The Function of Stasis in Risk and Safety Controversies 197
-
Section 3: Ethical Dilemmas When Communicating Risk and Safety
- 13 Risk Communication: A Communication Ethics Perspective 219
- 14 The Ethic of First and Second Things in Communicating Risk and Safety 237
- 15 Ethical Obligations in Communicating Risk and Safety: Standards of Dialogue, Uncertainty, Change, and Truthfulness 255
-
Section 4: Cultural Imperatives When Communicating Risk and Safety
- 16 Culture-centered Approach to Risk Communication 269
- 17 “All Knowledge Is Local”: The PEN-3 Model as a Guide to Overcoming Western/ European Bias in Risk Communication about Global Health Concerns in East Africa 285
- 18 Communities of Practice Approach to Safety Communication 301
-
Section 5: Instructional Perspectives and Compliance-Gaining When Communicating Risk and Safety
- 19 Instruction as Self-Protection 321
- 20 Mobile Instructional Communication for Public Safety and Community Resilience 339
- 21 From Risks to Crisis Society: The Drivers of the Public Health Communication Paradigm Shift 359
- 22 Earthquake Risk Communication of Individual Protective Actions for Big Earthquakes: A Situational Choreography Model Based on Social Communication Engineering 379
-
Section 6: Media and Technological Considerations When Communicating Risk and Safety
- 23 Risk Information Seeking and Processing Model 413
- 24 Understanding Contemporary Infodemics through the Risk Amplification through Media Spread (RAMS) Model 453
- 25 Spotting Risks: How to Integrate Social Media Listening to a Framework of Assessing Risks 473
- 26 Emergent Organizations and Post-Disaster Risk: Volunteerism in the Digital Age 493
- 27 Communicating and Perceiving Risks of Artificial Intelligence as an Emerging Technology 503
-
Section 7: Future Considerations: Untangling Issues of (Mis)Trust When Communicating Risk and Safety
- 28 The Role of Trust and Distrust in Risk and Safety Communication 529
- 29 It’s Complicated . . . : Exploring Vaccination Attitudes and the Vaccination Infodemic in the UK throughout the COVID-19 Pandemic 551
- 30 Communicating to Mitigate Behavioral Cyber Risks: The Case of Employee Vulnerability 585
- 31 Building or Unbuilding Trust? A Reflection on Governments, News Media, and Businesses’ Communication during the COVID-19 Pandemic 607
- Contributors 627
- Index 637
