ACM Conference on Human Factors in Computing Systems (CHI)
News coverage of security and privacy (S&P) events is pervasive and may affect the salience of S&P threats to the public. To better understand this coverage and its effects, we asked: What types of S&P news come into people’s awareness? How do people hear about and share this news? Over two years, we recruited 1999 participants to fill out a survey on emergent S&P news events. We identified four types of S&P news: financial data breaches, corporate personal data breaches, high sensitivity systems breaches, and politicized / activist cybersecurity. These event types strongly correlated with how people shared S&P news—e.g., financial data breaches were shared most (42%), while politicized / activist cybersecurity events were shared least (21%). Furthermore, participants’ age, gender and security behavioral intention strongly correlated with how they heard about and shared S&P news—e.g., males more often felt a personal responsibility to share, and older people were less likely to hear about S&P news through conversation.