Nudges and Cybersecurity: Harnessing Choice Architecture for Safer Work-From-Home Cybersecurity Behaviour

The number of security breaches and the cost of damages hit a record high in 2021, with an average cost of $5.4 million per incident in Canada, according to the IBM Security Report (2021). Despite safety measures and risk management policies, work-from-home arrangements and employee behaviour are reported as major factors affecting cybersecurity. This research examines the choice architecture of work-from-home cybersecurity behaviour through a multiple case study research design and cross-case analysis of employees from eight small and medium businesses. Contributions include an inventory of individual and organizational factors that influence cybersecurity behaviour, a framework to specify a nudge, three nudges specified using the framework, and a six-step method to design a nudge to influence the cybersecurity behaviour of work-from-home employees. These results can assist mangers, researchers, and entrepreneurs to understand and improve their work-from-home cybersecurity posture.