How effective are social engineering interventions? A meta-analysis

Jan Willem Bullee*, Marianne Junger

*Corresponding author for this work

Research output: Contribution to journalReview articleAcademicpeer-review

Abstract

Purpose: Social engineering is a prominent aspect of online crime. Various interventions have been developed to reduce the success of this type of attacks. This paper aims to investigate if interventions can help to decrease the vulnerability to social engineering attacks. If they help, the authors investigate which forms of interventions and specific elements constitute success. Design/methodology/approach: The authors selected studies which had an experimental design and rigorously tested at least one intervention that aimed to reduce the vulnerability to social engineering. The studies were primarily identified from querying the Scopus database. The authors identified 19 studies which lead to the identification of 37 effect sizes, based on a total sample of N = 23,146 subjects. The available training, intervention materials and effect sizes were analysed. The authors collected information on the context of the intervention, the characteristics of the intervention and the characteristics of the research methodology. All analyses were performed using random-effects models, and heterogeneity was quantified. Findings: The authors find substantial differences in effect size for the different interventions. Some interventions are highly effective; others have no effect at all. Highly intensive interventions are more effective than those that are low on intensity. Furthermore, interventions with a narrow focus are more effective than those with a broad focus. Practical implications: The results of this study show differences in effect for different elements of interventions. This allows practitioners to review their awareness campaigns and tailor them to increase their success. Originality/value: The authors believe that this is the first study that compares the impact of social engineering interventions systematically.

Original languageEnglish
Pages (from-to)801-830
Number of pages30
JournalInformation and Computer Security
Volume28
Issue number5
DOIs
Publication statusPublished - 5 Aug 2020

Keywords

  • Awareness
  • Cybercrime
  • Intervention
  • Meta-analysis
  • Online
  • Phishing
  • Social engineering
  • Systematic review

Fingerprint Dive into the research topics of 'How effective are social engineering interventions? A meta-analysis'. Together they form a unique fingerprint.

Cite this