Information security and practice: the user's perspective

Nathan Clarke, Fudong Li, Steven Furnell, Ingo Stengel, Giorgio Ganis

Research output: Chapter in Book/Report/Conference proceedingConference contribution

90 Downloads (Pure)


The use of Information Technology (IT) has become common practice in our everyday lives both for business and private purposes. While people enjoy the convenience that IT offers, it also poses various security threats if not used properly, including malware, hacking, and information disclosure. Unfortunately, the scale and consequence of cyber threats has increased significantly year-on-year despite various security controls having been developed and deployed. It is evident that end users play a significant role within the information security domain, as they are frequently the primary target and the main force behind incidents. Nonetheless, whilst there are annual security surveys for organisations, less effort were given regarding assessing how individuals practice information security by the research community. Therefore, this paper presents a survey that investigates user's IT security practice and behaviour. In total, 400 respondents were surveyed during a five month period (i.e. November 2014 - March 2015). Overall, the results demonstrate that end users practice better IT security than typically thought although it appears only at a relatively basic level. For example, whilst a reasonably good proportion of participants (66%) claimed that they never share their passwords with others, 76% have used the same password on multiple sensitive accounts. Almost three quarters (72%) of responders never click on links or attachments within emails from unknown sources, but this is significantly reduced (to 36%) when someone they knew sent the email. Two-thirds of users (65%) do appreciate the importance of antivirus software as they always keep their antivirus software updated; however, less care is given to other applications/systems as only 44% would do the same and more alarmingly 65% even cancel or delay the security update process. Over two thirds (68%) of participants do not always backup their data, and only half of the participants (53%) claimed that they always destroy their data before hardware disposal. The results of the survey suggest that whilst levels of awareness are improving, there is still a significant gap between existing and required levels of information security knowledge and practice. Arguably, users are currently being overwhelmed by the burden being placed upon them to remain secure. The range of technologies they use (60% using more than 3 devices), the widespread use of online services (89% using at least 5 IT services) highlight users are becoming or have become technology dependent but perhaps without being security savvy.

Original languageEnglish
Title of host publicationProceedings of the 11th International Conference on Cyber Warfare and Security, ICCWS 2016
EditorsTanya Zlateva, Virginia A. Greiman
PublisherAcademic Conferences Limited
Number of pages9
ISBN (Print)978-1910810828
Publication statusPublished - 2016
Event11th International Conference on Cyber Warfare and Security - Boston, United States
Duration: 17 Mar 201618 Mar 2016

Publication series

NameProceedings of the International Conference on Information Warfare and Security
ISSN (Print)2048-9870


Conference11th International Conference on Cyber Warfare and Security
Abbreviated titleICCWS 2016
Country/TerritoryUnited States


  • end-user
  • IT security
  • survey


Dive into the research topics of 'Information security and practice: the user's perspective'. Together they form a unique fingerprint.

Cite this