Sveriges mest populära poddar
Start / Cybercrimeology / Wake up calling impacting businesses by communicating cybersecurity risk

Cybercrimeology

Wake up Calling: Impacting businesses by communicating cybersecurity risk

22 min • 1 mars 2025

Episode Notes

  • SMEs struggle with cybersecurity due to time, cost, and lack of expertise, despite recognizing its importance.
  • An automated cybersecurity scan was developed to assess SME websites and email security without requiring them to opt-in.
  • Physical reports were mailed instead of emailed to avoid phishing concerns and increase credibility.
  • Reports included security ratings on ten key areas and recommendations for improvement.
  • Businesses were encouraged to consult their existing IT providers for fixes rather than relying on external services.
  • Different risk communication strategies were tested to encourage SMEs to act on the findings.
  • “Anticipated Regret” messaging (“Fix it now or regret it later”) led to the highest cybersecurity improvements.
  • All groups, including the control group, showed some improvement, suggesting broader awareness of cybersecurity issues.
  • Engagement was low, with only a small number of businesses reaching out after receiving the report.
  • Legal concerns about scanning businesses without consent were addressed—publicly available cybersecurity data can be legally assessed.
  • Ethical approval confirmed the project was non-commercial and aimed solely at helping businesses improve security.
  • A follow-up version of the project will introduce an opt-out option before scanning businesses.
  • Industry associations may partner with the project to increase credibility and adoption.
  • The intervention will be scaled up, with more businesses included and a longer time frame for assessing impact.
  • Future plans include adapting the intervention internationally, using lessons learned to assist SMEs in other regions.

 

About Our Guest

Dr. Susanne van ’t Hoff-de Goede

https://www.linkedin.com/in/susanne-van-t-hoff-de-goede/

https://www.thuas.com/research/centre-expertise/team-cyber-security

 

Resources and Research Mentioned

Examining Ransomware Payment Decision-making Among SMEs

Matthijsse, S. R., Moneva, A., van ’t Hoff-de Goede, M. S., & Leukfeldt, E. R.

European Journal of Criminology.

Explaining Cybercrime Victimization Using a Longitudinal Population-based Survey Experiment

van ’t Hoff-de Goede, M. S., van de Weijer, S., & Leukfeldt, R.

Journal of Crime and Justice, 47(4), 472-491 (2024).

How Safely Do We Behave Online? An Explanatory Study into the Cybersecurity Behaviors of Dutch Citizens

van der Kleij, R., van ’t Hoff-de Goede, S., van de Weijer, S., & Leukfeldt, R.

In: International Conference on Applied Human Factors and Ergonomics (2021), pp. 238-246.

The Online Behaviour and Victimization Study

van ’t Hoff-de Goede, M. S., Leukfeldt, E. R., van der Kleij, R., …

In:Cybercrime in Context: The human factor in victimization, offending, and … (2021).

 

Other

Dutch Government Cybersecurity Resource

https://english.ncsc.nl

(English-language site for the Netherlands’ National Cyber Security Centre)

Secure Internetting (in Dutch)

https://veiliginternetten.nl/

Kategorier
PoddarUtbildningVetenskap
Förekommer på
Vetenskap
00:00 -00:00
Hur lyssnar jag på podcast?

En liten tjänst av I'm With Friends. Finns även på engelska.