Award Abstract # 1750908
CAREER: The Role of Emotion and Social Motives in Communicating Risk: Implications for User Behavior in the Cyber Security Context

NSF Org: CNS
Division Of Computer and Network Systems
Recipient: UNIVERSITY OF CONNECTICUT
Initial Amendment Date: April 24, 2018
Latest Amendment Date: April 16, 2025
Award Number: 1750908
Award Instrument: Continuing Grant
Program Manager: Sara Kiesler
skiesler@nsf.gov
 (703)292-8643
CNS
 Division Of Computer and Network Systems
CSE
 Directorate for Computer and Information Science and Engineering
Start Date: July 1, 2018
End Date: June 30, 2026 (Estimated)
Total Intended Award Amount: $559,786.00
Total Awarded Amount to Date: $559,786.00
Funds Obligated to Date: FY 2018 = $92,717.00
FY 2019 = $103,775.00

FY 2020 = $109,236.00

FY 2021 = $118,146.00

FY 2022 = $135,912.00
History of Investigator:
  • Mohammad Khan (Principal Investigator)
    maifi.khan@uconn.edu
Recipient Sponsored Research Office: University of Connecticut
438 WHITNEY RD EXTENSION UNIT 1133
STORRS
CT  US  06269-9018
(860)486-3622
Sponsor Congressional District: 02
Primary Place of Performance: University of Connecticut
CT  US  06269-1133
Primary Place of Performance
Congressional District:
02
Unique Entity Identifier (UEI): WNTPS995QBM7
Parent UEI:
NSF Program(s): Secure &Trustworthy Cyberspace
Primary Program Source: 01002223DB NSF RESEARCH & RELATED ACTIVIT
01001819DB NSF RESEARCH & RELATED ACTIVIT

01001920DB NSF RESEARCH & RELATED ACTIVIT

01002021DB NSF RESEARCH & RELATED ACTIVIT

01002122DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 7434, 1045, 025Z
Program Element Code(s): 806000
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070

ABSTRACT

Prior research notes that many cyberattacks are preventable if end users take precautionary measures, such as keeping systems updated, but they often fail to do so. This proposal builds upon theories of risk communication, emotional intelligence, and self-determination to design new approaches to cybersecurity risk communication and training. The goals are to enable users to assess risks, costs, and benefits consistently and correctly, to promote task-focused coping responses, and to facilitate their internalization of values, promoting spontaneous diffusion of cybersecurity knowledge. By enabling non-expert users to make informed security decisions through raising cybersecurity risk awareness and self-efficacy development, this project directly addresses an increasingly serious threat to economic growth and national security. This project also creates cybersecurity research and training opportunities for graduate and undergraduate students, and members from the underrepresented groups through outreach initiatives.

This project systematically tests two hypotheses: (i) that addressing gaps in mental models along with development of self-efficacy can promote task-focused coping responses and early conformance behavior, and (ii) that communicating social motives can lead to the development of intrinsic motivation and spontaneous diffusion of information. Towards that end, the researchers design and conduct a series of interview-style user studies including both expert and non-expert users, and they develop effective risk communication modules that address gaps in mental models and enable non-expert users to evaluate risks, costs and benefits of security decisions. This project will also test the efficacy of different interventions to promote task-focused coping responses and promote spontaneous diffusion of information. By systematically testing the aforementioned hypotheses, this project provides in-depth understanding regarding the influence of emotions and social motives in cybersecurity behavior and makes a valuable contribution to the theoretical foundation of risk communication. By investigating mental models of high school students as well as adults, this project advances the theory of risk communication for adolescents in the cybersecurity context and enables cybersecurity professionals to design risk communication modules specifically targeting this vulnerable demographic. Research results are synthesized in modular tutorials and made publicly available.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH

Note:  When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

Peck, Sarah and Khan, Mohammad and Fahim, Md and Coman, Emil and Jensen, Theodore and Albayram, Yusuf "Who Would Bob Blame? Factors in Blame Attribution in Cyberattacks Among the Non-adopting Population in the Context of 2FA." IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC) , 2020 Citation Details
Peck, Sarah Marie and Khan, Mohammad_Maifi_Hasan and Fahim, Md_Abdullah Al and Coman, Emil N and Jensen, Theodore and Albayram, Yusuf "Who Would Bob Blame? Factors in Blame Attribution in Cyberattacks Among the Non-Adopting Population in the Context of 2FA" , 2020 https://doi.org/10.1109/COMPSAC48688.2020.0-166 Citation Details
Ul Haque, Ehsan and Khan, Mohammad Maifi and Fahim, Md Abdullah "The Nuanced Nature of Trust and Privacy Control Adoption in the Context of Google" CHI Conference on Human Factors in Computing Systems (CHI 23) , 2023 https://doi.org/10.1145/3544548.3581387 Citation Details
Ul_Haque, Ehsan and Khan, Mohammad_Maifi Hasan "Effect of Device Risk Perceptions and Understandability of Data Management Features on Consumers' Willingness to Pay (WTP) for IoT Device Premium Data Management Plan" , 2023 https://doi.org/10.1145/3617072.3617118 Citation Details
Ul_Haque, Ehsan and Khan, Mohammad_Maifi Hasan "Investigating Users' Decision-making for Data Privacy Controls in the Context of Internet of Things (IoT) Devices Using an Incentive-compatible Lottery Study" , 2025 https://doi.org/10.1145/3706598.3713251 Citation Details
Ul_Haque, Ehsan and Khan, Mohammad_Maifi Hasan and Fahim, Md_Abdullah Al and Jensen, Theodore "Divergences in Blame Attribution after a Security Breach based on Compliance Behavior: Implications for Post-breach Risk Communication" , 2023 https://doi.org/10.1145/3617072.3617117 Citation Details

Please report errors in award information by writing to: awardsearch@nsf.gov.

Print this page

Back to Top of page