When believing in technology leads to poor cyber security: Development of a trust in technical controls scale

Abstract

While technical controls can reduce vulnerabilities to cyber threats, no technology provides absolute protection and we hypothesised that people may act less securely if they place unwarranted trust in these automated systems. This paper describes the development of a Trust in Technical Controls Scale (TTCS) that measures people's faith in four of these technical controls. In an online study (N = 607), Australian employees demonstrated a greater degree of trust in firewalls and anti-virus software than they did in spam filters and social media privacy settings. Lower scores on the four item TTCS were related to better information security awareness (ISA) and higher scores on tests of cognitive abilities such as non-verbal IQ and cognitive reflection. The TTCS predicted an individual's ability to detect a phishing email to a similar degree as other factors such as ISA, non-verbal IQ and cognitive impulsivity. However, unlike ISA, the scale did not predict the strength of passwords people constructed. Results suggest that the TTCS is a useful complement to ISA in understanding and predicting certain cyber security behaviours.