Cybersecurity and privacy Behaviors in a data-driven environment

Abstract

We live in an age where information can be found everywhere at any time. In this situation, cybersecurity and privacy issues are becoming more prominent. Security and privacy issues are like opposite sides of the same coin, meaning they should always be considered together. Thus, this study examines cybersecurity and privacy at the individual, corporate, and national level.

In the first part of the research, we empirically tested whether the policy efficiently reduced the intentions of spammers in South Korea. Spam has played a role as a potential propagator of vicious attacks such as viruses, phishing, and malware. Although anti-spam legislation has already been established in many countries, it appears to be ineffective. In this context, the recently changed anti-spam policy regime from an opt-out to an opt-in scheme in South Korea provides a natural experimental setting for investigating the effect of the policy. For empirical work, we use a unique and large-scale data set of 5.6 billion spam messages originating from over 200 countries during a twenty-month period. Our main findings suggest that this policy change significantly decreased the spam volume from South Korea, compared to those originating from other countries. We conducted an additional economic analysis and found that the expected benefits for users are up to 312 million USD per year in the country. This part of the research contributes to the literature by highlighting the importance of the adequately designed policy to reduce unsolicited messages on the Internet.

In the second part of the research, we examined whether the ambiguity of the benefit from consent and other users’ privacy decision as key antecedents affected a user’s privacy decision. We conducted a field experiment regarding the privacy decision in the context of mobile application based on the lens of privacy calculus theory and the literature on behavioral economics. In total, 283 mobile users were randomly assigned to two-by-two experiment groups―high or low in the ambiguity of expected benefit, and whether or not to reveal other users’ privacy decision―and participated in the experiment for two weeks. A total of 16 information items regarding the device information and mobile behaviors were collected during the two weeks based on the participants’ consent for each information item. Users who received the detailed reward scheme (low in the ambiguity of expected benefit) allowed more information items significantly for us to collect than users who received the abstract reward scheme (high in the ambiguity of expected benefit). Users who received information about other users’ current sharing status allowed for significantly more information items than users without the information. This was due to asymmetry herding in the information disclosure of the group. The interaction effect between the two treatments was found to be significant. Online firms actively need to update the information sharing behaviors of customers to entice customers who are hesitant to share their information.

Through these two parts, we looked at security and privacy issues in online and mobile environments. In conclusion, the approach to increasing security and protecting privacy shows that it can be achieved in a variety of ways.