PSYC FPX 4210 Assessment 2 Research Methodologies Analysis 2: Exploring Workers’ Subjective Experiences of Habit Formation in Cybersecurity: A Qualitative Survey

This study investigates cybersecurity within the workplace and examines employees’ subjective experiences regarding habit formation, aiming to foster positive habits. The research addresses the gap between understanding cybersecurity and habit formation to promote best practices. Participants were selected from various fields within their organizations, ranging from skilled professionals to self-employed individuals. This exploratory qualitative online survey was conducted using Qualtrics, with data collected online. Cybersecurity behaviors were coded, and responses to open-ended questions were analyzed through inductive thematic analysis using ATLAS. Codes were assigned based on expressed sentiments, and a series of authors coded the responses in subsets.  The interpretation and categorization of statements were checked for consistency. The analysis of open-ended questions revealed key themes, including habit formation, habit cultivation, and organizational influences. A total of 195 participants were recruited for the study, with 53% being female, aged 18 to 66, a standard deviation of 10.24, and a median age of 36. All participants were based in the UK, limiting the study to a single demographic. Although the study was conducted online, the sample size of 195 participants represents only a small segment of the population. Additionally, ethical concerns arise regarding the difficulty of verifying the authenticity of participants. The findings may not provide practical insights for implementing cybersecurity measures; however, they support the notion that habit-based interventions could be effective in fostering cybersecurity behaviors in the workplace. The questionnaire utilized in this study included open-ended questions about cybersecurity behavior, but there was no control group or control questions regarding general behavior and habit formation related to non-cybersecurity games (Hochheiser et al., 2017).  Critique and Recommendations Social Identity Theory can be employed to identify commonalities among employees and organizations that are vulnerable to cyberattacks. The overarching goal of these two studies is to investigate and present the impacts on the general population and the human aspects of cybersecurity. Cybersecurity is heavily influenced by end-users’ attitudes and experiences, which shape their behavioral responses (Alhayani et al., 2021). Additionally, there is a need for a transdisciplinary approach that brings together psychologists and IT professionals to enhance cybersecurity awareness. Understanding cybersecurity fears and threats is crucial for promoting proactive and defensive security behaviors among the general public. According to Social Identity Theory, proposed by Tajfel and Turner, group members share common goals to maintain group cohesion and adhere to shared norms (Tajfel & Turner, 2004). Recognizing our shared social identity as potential cyber victims can foster collective efforts toward cybersecurity behavior formation.  A key aspect of Social Identity Theory suggests that individuals strive to achieve and maintain a sense of positive distinctiveness within their group membership (Tajfel & Turner, 2004). The desire to view in-groups favorably aligns with self-esteem perspectives, and distinctiveness serves a functional purpose. Social Identity Theory predicts that group members’ responses to threats to their distinctiveness depend on their level of identification with the group’s relevance (Spears et al., 1997). Research indicates that when individuals face threats to their distinctiveness, they report greater support for policies aimed at preserving in-group distinctiveness by distancing themselves from the relevant out-group (Branscombe et al., 1993). Similarly, in organizations where employees identify as members of a group facing cyberattack threats, they are likely to exhibit heightened awareness of distinctiveness threats from out-groups, such as hackers, and will support policies that enhance cybersecurity. The goal of cybersecurity is to maintain in-group distinctiveness by taking proactive measures to defend against cyberattacks.  PSYC FPX 4210 Assessment 2 Research Methodologies Besides that, the participants were drawn from diverse sources, which indicates a lack of in-group membership identity, resulting in lower scores for subjective norms. The formation of best practice habits and behavior development in end-users for cybersecurity can be understood through Albert Bandura’s Social Learning Theory. In the subsequent article by Collins and Hinds (2021), the exploration of workers’ subjective experiences regarding habit formation in cybersecurity is presented through a qualitative survey. The results reveal overarching themes based on participants’ responses, including the unintentional or unconscious formation of habits, the conscious cultivation of habits, and the potential effectiv