Effective computer security is highly dependent upon the behavior of the end-user. 50 participants analyzed five themes of computer security messages in an attempt to determine which theme(s) were the most effective in encouraging end-users to make sound security decisions and adopt safe security practices.
Several findings stood out. Regret and morality messages were the least likely to influence change based on their memorability, believability, persuasiveness, and actionability. Next, incentive messages performed at an intermediate level with respect to these change factors. Finally, deterrent and feedback messages performed well in terms of influencing change, with feedback messages unexpectedly performing the best.
It is recommended that future research explore ways to enhance the memorability of all message types, improve the believability and persuasiveness of incentive messages, and unpack what it is about feedback messages that makes them effective. The latter work might well focus on the normative aspects of feedback.