Do Better: What Five Years of Cybersecurity Behavior Data Reveal About Why Awareness Still Fails
After five years of tracking cybersecurity attitudes and behaviors, the findings are clear...and uncomfortable. Many people are increasingly disengaged from cybersecurity, skeptical that their actions matter, and fatigued by awareness messaging that feels irrelevant or alarmist. For higher education security and privacy professionals, this raises a critical question: if traditional awareness approaches aren’t working, what should replace them? This session draws on the 'Oh, Behave!' Cybersecurity Attitudes and Behaviors Report: 2021–2025 to explore why so much cybersecurity awareness content fails, and how behavioral science can help us do better. Attendees will examine real examples of common awareness practices and learn how to distinguish evidence-based behavioral techniques from frequently misunderstood concepts like “nudges” and gamification. Rather than focusing on fear, reminders, or technical language, this session highlights subtle human-centered approaches drawn from behavioral science, marketing, and user experience design. Participants will leave with a clearer understanding of how to design security and privacy communications that resonate with campus communities, respect autonomy, and influence behavior without assuming anyone inherently cares about cybersecurity.
Presenters
-
Lisa Plaggemier
Executive Director,
The National Cyber Security Alliance (NCSA)
Resources & Downloads
-
What Five Years of Cybersecurity Behavior Data Reveal About Why Awareness Still Fails Presentation
Updated on 4/29/2026