ABSTRACT

Our research proposes to identify and understand critical aspects of human behavior that could help policymakers and companies effectively increase user awareness and trigger user action. For that, we combine the credential stuffing phenomenon with privacy awareness to gauge discrepancies between subjects’ attitudes and behavior after data breaches occur. We surveyed 405 subjects in a primarily quantitative approach to understand if users’ security and privacy influenced the privacy awareness gap, behavioral gaps, and data breach severity.

We found that users are not aware of almost 75% of their data breaches and only care for little less than half of those breaches (46.2%). We also discovered that closing the awareness gap (i.e., users not being aware of worrisome data breaches) increases users’ susceptibility to falsified information while registering in new websites or services (i.e., providing false or dummy data when websites ask them for information).

We analyzed the victim awareness gap and discovered that 25.68% of data breach victims do not consider themselves victims even though companies notified them.

Lastly, our findings uncovered several possible correlations between users’ characteristics, privacy gaps, and data breaches severity. We anticipate that our findings may be used to improve the understanding that organizations, policymakers, and researchers have on privacy gaps.

Images from: Dominic Smith & gagnonm1993