EPISODE · Mar 1, 2025 · 21 MIN
Wake up Calling: Impacting businesses by communicating cybersecurity risk
from Cybercrimeology · host Michael
Episode NotesSMEs struggle with cybersecurity due to time, cost, and lack of expertise, despite recognizing its importance.An automated cybersecurity scan was developed to assess SME websites and email security without requiring them to opt-in.Physical reports were mailed instead of emailed to avoid phishing concerns and increase credibility.Reports included security ratings on ten key areas and recommendations for improvement.Businesses were encouraged to consult their existing IT providers for fixes rather than relying on external services.Different risk communication strategies were tested to encourage SMEs to act on the findings.“Anticipated Regret” messaging (“Fix it now or regret it later”) led to the highest cybersecurity improvements.All groups, including the control group, showed some improvement, suggesting broader awareness of cybersecurity issues.Engagement was low, with only a small number of businesses reaching out after receiving the report.Legal concerns about scanning businesses without consent were addressed—publicly available cybersecurity data can be legally assessed.Ethical approval confirmed the project was non-commercial and aimed solely at helping businesses improve security.A follow-up version of the project will introduce an opt-out option before scanning businesses.Industry associations may partner with the project to increase credibility and adoption.The intervention will be scaled up, with more businesses included and a longer time frame for assessing impact.Future plans include adapting the intervention internationally, using lessons learned to assist SMEs in other regions. About Our GuestDr. Susanne van ’t Hoff-de Goedehttps://www.linkedin.com/in/susanne-van-t-hoff-de-goede/https://www.thuas.com/research/centre-expertise/team-cyber-security Resources and Research MentionedExamining Ransomware Payment Decision-making Among SMEsMatthijsse, S. R., Moneva, A., van ’t Hoff-de Goede, M. S., & Leukfeldt, E. R.European Journal of Criminology.Explaining Cybercrime Victimization Using a Longitudinal Population-based Survey Experimentvan ’t Hoff-de Goede, M. S., van de Weijer, S., & Leukfeldt, R.Journal of Crime and Justice, 47(4), 472-491 (2024).How Safely Do We Behave Online? An Explanatory Study into the Cybersecurity Behaviors of Dutch Citizensvan der Kleij, R., van ’t Hoff-de Goede, S., van de Weijer, S., & Leukfeldt, R.In: International Conference on Applied Human Factors and Ergonomics (2021), pp. 238-246.The Online Behaviour and Victimization Studyvan ’t Hoff-de Goede, M. S., Leukfeldt, E. R., van der Kleij, R., …In:Cybercrime in Context: The human factor in victimization, offending, and … (2021). OtherDutch Government Cybersecurity Resourcehttps://english.ncsc.nl(English-language site for the Netherlands’ National Cyber Security Centre)Secure Internetting (in Dutch)https://veiliginternetten.nl/
What this episode covers
How can we encourage businesses to tackle cybersecurity? In this episode, we speak with Dr. Susanne van ’t Hoff-de Goede, Associate Professor at the Centre of Expertise Cyber Security in The Hague University of Applied Sciences. Susanne’s work focuses on the human factor in cybercrime—whether examining online victims, offenders, or the law enforcement response. Here, she introduces an innovative “low-threshold” cybersecurity intervention experiment that scanned company websites and sent tailored risk reports through traditional mail. We explore what worked, what didn’t, and how she plans to refine the approach to get more businesses proactively engaged in their cybersecurity.
NOW PLAYING
Wake up Calling: Impacting businesses by communicating cybersecurity risk
No transcript for this episode yet
Similar Episodes
No similar episodes found.
Similar Podcasts
No similar podcasts found.