KIT | KIT-Bibliothek | Impressum | Datenschutz

An investigation of phishing awareness and education over time: When and how to best remind users

Reinheimer, Benjamin Maximilian 1; Aldag, Lukas 1; Mayer, Peter ORCID iD icon 1; Mossano, Mattia 1; Düzgün, Reyhan 1; Lofthouse, Bettina; Landesberger, Tatiana von; Volkamer, Melanie 1
1 Karlsruher Institut für Technologie (KIT)


Security awareness and education programmes are rolled out in more and more organisations. However, their effectiveness over time and, correspondingly, appropriate intervals to remind users’ awareness and knowledge are an open question. In an attempt to address this open question, we present a field investigation in a German organisation from the public administration sector. With overall 409 employees, we evaluated (a) the effectiveness of their newly deployed security awareness and education programme in the phishing context over time and (b) the effectiveness of four different reminder measures – administered after the initial effect had worn off to a degree that no significant improvement to before its deployment was detected anymore. We find a significantly improved performance of correctly identifying phishing and legitimate emails directly after and four months after the programme’s deployment. This was not the case anymore after six months, indicating that reminding users after half a year is recommended. The investigation of the reminder measures indicates that measures based on videos and interactive examples perform best, lasting for at least another six months.

Verlagsausgabe §
DOI: 10.5445/IR/1000122566/pub
Veröffentlicht am 09.09.2020
Preprint §
DOI: 10.5445/IR/1000122566
Veröffentlicht am 09.09.2020
Zitationen: 32
Cover der Publikation
Zugehörige Institution(en) am KIT Institut für Angewandte Informatik und Formale Beschreibungsverfahren (AIFB)
Kompetenzzentrum für angewandte Sicherheitstechnologie (KASTEL)
Publikationstyp Proceedingsbeitrag
Publikationsdatum 09.08.2020
Sprache Englisch
Identifikator ISBN: 978-1-939133-16-8
KITopen-ID: 1000122566
Erschienen in Proceedings of the Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020) : August 10-11, 2020
Veranstaltung 16th Symposium on Usable Privacy and Security (SOUPS 2020), Online, 09.08.2020 – 11.08.2020
Verlag Advanced Computing Systems Association (USENIX)
Seiten 259-284
Projektinformation KASTEL_SKI (BMBF, 16KIS0843)
Nachgewiesen in Scopus
KIT – Die Forschungsuniversität in der Helmholtz-Gemeinschaft
KITopen Landing Page