Breaking! A Typology of Security and Privacy News and How It's Shared

摘要

News coverage of security and privacy (S&P) events is pervasive and may affect the salience of S&P threats to the public. To better understand this coverage and its effects, we asked: What types of S&P news come into people's awareness? How do people hear about and share this news? Over two years, we recruited 1999 participants to fill out a survey on emergent S&P news events. We identified four types of S&P news: financial data breaches, corporate personal data breaches, high sensitivity systems breaches, and politicized/activist cybersecurity. These event types strongly correlated with how people shared S&P news - e.g., financial data breaches were shared most (42%), while politicized/activist cybersecurity events were shared least (21%). Furthermore, participants' age, gender and security behavioral intention strongly correlated with how they heard about and shared S&P news - e.g., males more often felt a personal responsibility to share, and older people were less likely to hear about S&P news through conversation.