{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,29]],"date-time":"2026-01-29T21:01:46Z","timestamp":1769720506014,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":139,"publisher":"ACM","funder":[{"name":"EPSRC","award":["EP\/V011189\/1"],"award-info":[{"award-number":["EP\/V011189\/1"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,8,24]]},"DOI":"10.1145\/3774761.3774763","type":"proceedings-article","created":{"date-parts":[[2026,1,29]],"date-time":"2026-01-29T09:29:11Z","timestamp":1769678951000},"page":"17-36","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Would 'Secure' Users Lead to Secure Commons? Surprisingly Not! A framework to evaluate effective   power and collective outcomes in cybersecurity."],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5367-6659","authenticated-orcid":false,"given":"Partha","family":"Das Chowdhury","sequence":"first","affiliation":[{"name":"University of Bristol, Bristol, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7187-6531","authenticated-orcid":false,"given":"Karen","family":"Renaud","sequence":"additional","affiliation":[{"name":"University of Strathclyde, Glasgow, United Kingdom"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4515-2871","authenticated-orcid":false,"given":"Ingrid","family":"Ott","sequence":"additional","affiliation":[{"name":"Karlsruhe Institute of Technology, Karlsruhe, Germany"}]}],"member":"320","published-online":{"date-parts":[[2026,1,29]]},"reference":[{"key":"e_1_3_3_2_2_2","doi-asserted-by":"crossref","unstructured":"Hal Abelson Ross Anderson Steven\u00a0M Bellovin Josh Benaloh Matt Blaze Jon Callas Whitfield Diffie Susan Landau Peter\u00a0G Neumann Ronald\u00a0L Rivest et\u00a0al. 2024. Bugs in our pockets: The risks of client-side scanning. Journal of Cybersecurity 10 1 (2024) 1\u201318. 10.1093\/cybsec\/tyad020.","DOI":"10.1093\/cybsec\/tyad020"},{"key":"e_1_3_3_2_3_2","doi-asserted-by":"publisher","DOI":"10.1145\/988772.988777"},{"key":"e_1_3_3_2_4_2","doi-asserted-by":"crossref","unstructured":"Alessandro Acquisti Laura Brandimarte and George Loewenstein. 2020. Secrets and Likes: The Drive for Privacy and the Difficulty of Achieving It in the Digital Age. Journal of Consumer Psychology 30 4 (2020) 736\u2013758. 10.1002\/jcpy.1191.","DOI":"10.1002\/jcpy.1191"},{"key":"e_1_3_3_2_5_2","doi-asserted-by":"crossref","unstructured":"Anne Adams and Martina\u00a0Angela Sasse. 1999. Users are not the enemy. Commun. ACM 42 12 (1999) 40\u201346. 10.1145\/322796.322806.","DOI":"10.1145\/322796.322806"},{"key":"e_1_3_3_2_6_2","doi-asserted-by":"crossref","unstructured":"Eirik Albrechtsen. 2007. A qualitative study of users\u2019 view on information security. Computers & Security 26 4 (2007) 276\u2013289. 10.1016\/j.cose.2006.11.004.","DOI":"10.1016\/j.cose.2006.11.004"},{"key":"e_1_3_3_2_7_2","doi-asserted-by":"crossref","unstructured":"Eirik Albrechtsen and Jan Hovden. 2010. Improving information security awareness and behaviour through dialogue participation and collective reflection. An intervention study. Computers & Security 29 4 (2010) 432\u2013445. 10.1016\/j.cose.2009.12.005.","DOI":"10.1016\/j.cose.2009.12.005"},{"key":"e_1_3_3_2_8_2","unstructured":"Anita\u00a0L Allen. 2012. An ethical duty to protect one\u2019s own information privacy. Ala. L. Rev. 64 (2012) 845."},{"key":"e_1_3_3_2_9_2","doi-asserted-by":"crossref","unstructured":"Mohamed Alsharnouby Furkan Alaca and Sonia Chiasson. 2015. Why phishing still works: User strategies for combating phishing attacks. International Journal of Human-Computer Studies 82 (2015) 69\u201382. 10.1016\/j.ijhcs.2015.05.005.","DOI":"10.1016\/j.ijhcs.2015.05.005"},{"key":"e_1_3_3_2_10_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2001.991552"},{"key":"e_1_3_3_2_11_2","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-58618-0_67"},{"key":"e_1_3_3_2_12_2","unstructured":"Australian Prudential Regulatory Authority. 2025. https:\/\/www.apra.gov.au\/."},{"key":"e_1_3_3_2_13_2","doi-asserted-by":"crossref","unstructured":"Robin Bankel and Cecilia Sol\u00e9r. 2025. Embedded-embodied consumer experiences and the limits of responsibilization theory. Social Responsibility Journal 21 4 (2025) 793\u2013808. 10.1108\/SRJ-04-2024-0252.","DOI":"10.1108\/SRJ-04-2024-0252"},{"key":"e_1_3_3_2_14_2","doi-asserted-by":"crossref","unstructured":"Kaushik Basu. 2022. The Samaritan\u2019s Curse: moral individuals and immoral groups. Economics & Philosophy 38 1 (2022) 132\u2013151. 10.1017\/S0266267121000067.","DOI":"10.1017\/S0266267121000067"},{"key":"e_1_3_3_2_15_2","first-page":"47","volume-title":"Proceedings of the New Security Paradigms Workshop","author":"Beautement Adam","year":"2008","unstructured":"Adam Beautement, M\u00a0Angela Sasse, and Mike Wonham. 2008. The compliance budget: managing security behaviour in organisations. In Proceedings of the New Security Paradigms Workshop. ACM, California USA, September 22 - 25, 2008, 47\u201358. 10.1145\/1595676.1595684."},{"key":"e_1_3_3_2_16_2","doi-asserted-by":"crossref","unstructured":"Omri Ben-Shahar. 2019. Data pollution. Journal of Legal Analysis 11 (2019) 104\u2013159. 10.1093\/jla\/laz005.","DOI":"10.1093\/jla\/laz005"},{"key":"e_1_3_3_2_17_2","first-page":"103","volume-title":"Eleventh Symposium on Usable Privacy and Security (SOUPS)","author":"Blythe John\u00a0M","year":"2015","unstructured":"John\u00a0M Blythe, Lynne Coventry, and Linda Little. 2015. Unpacking security policy compliance: The motivators and barriers of employees\u2019 security behaviors. In Eleventh Symposium on Usable Privacy and Security (SOUPS). USENIX, Ottawa, Canada, 103\u2013122. 10.1145\/1595676.1595684."},{"key":"e_1_3_3_2_18_2","volume-title":"Proceedings of the New Security Paradigms Workshop","author":"Bose Robert","year":"2025","unstructured":"Robert Bose and Tristan Caulfield. 2025. Cyber Risk Integration framework for Boards (CRIB): If Boards Had KPIs, Would They Pass?. In Proceedings of the New Security Paradigms Workshop. ACM, Germany."},{"key":"e_1_3_3_2_19_2","doi-asserted-by":"crossref","first-page":"405","DOI":"10.1007\/978-1-4471-0515-2_27","volume-title":"Proceedings of HCI 2000. People and Computers XIV\u2014Usability or Else!","author":"Brostoff Sacha","year":"2000","unstructured":"Sacha Brostoff and M\u00a0Angela Sasse. 2000. Are Passfaces more usable than passwords? A field trial investigation. In Proceedings of HCI 2000. People and Computers XIV\u2014Usability or Else!Springer, Copenhagen, Denmark, 405\u2013424. 10.1007\/978-1-4471-0515-2_27."},{"key":"e_1_3_3_2_20_2","first-page":"4105","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Brunken Lina","year":"2023","unstructured":"Lina Brunken, Annalina Buckmann, Jonas Hielscher, and M\u00a0Angela Sasse. 2023. \u201cTo Do This Properly, You Need More Resources\u201d: The Hidden Costs of Introducing Simulated Phishing Campaigns. In 32nd USENIX Security Symposium (USENIX Security 23). USENIX, Anaheim, USA, 4105\u20134122."},{"key":"e_1_3_3_2_21_2","doi-asserted-by":"crossref","unstructured":"Wolfgang Buchholz and Todd Sandler. 2021. Global Public Goods: A Survey. Journal of Economic Literature 59 2 (jun 2021) 488\u2013545. 10.1257\/jel.20191546.","DOI":"10.1257\/jel.20191546"},{"key":"e_1_3_3_2_22_2","doi-asserted-by":"crossref","unstructured":"David Buil-Gil Steven Kemp Stefanie Kuenzel Lynne Coventry Sameh Zakhary Daniel Tilley and James Nicholson. 2023. The digital harms of smart home devices: A systematic literature review. Computers in Human Behavior 145 (2023) 107770. 10.1016\/j.chb.2023.107770.","DOI":"10.1016\/j.chb.2023.107770"},{"key":"e_1_3_3_2_23_2","doi-asserted-by":"crossref","unstructured":"Mark Button and Jack Whittaker. 2021. Exploring the voluntary response to cyber-fraud: From vigilantism to responsibilisation. International Journal of Law Crime and Justice 66 (2021) 100482. 10.1016\/j.ijlcj.2021.100482.","DOI":"10.1016\/j.ijlcj.2021.100482"},{"key":"e_1_3_3_2_24_2","first-page":"1","volume-title":"Proceedings of the 52nd Hawaii International Conference on System Sciences","author":"Camp L\u00a0Jean","year":"2019","unstructured":"L\u00a0Jean Camp, Marthie Grobler, Julian Jang-Jaccard, Christian Probst, Karen Renaud, and Paul Watters. 2019. Measuring human resilience in the face of the global epidemiology of cyber attacks. In Proceedings of the 52nd Hawaii International Conference on System Sciences. HICSS, Hawaii, 1\u201310. 10.24251\/HICSS.2019.574."},{"key":"e_1_3_3_2_25_2","doi-asserted-by":"crossref","unstructured":"Myriam\u00a0Dunn Cavelty. 2019. The materiality of cyberthreats: securitization logics in popular visual culture. Critical Studies on Security 7 2 (2019) 138\u2013151. 10.1080\/21624887.2019.1666632.","DOI":"10.1080\/21624887.2019.1666632"},{"key":"e_1_3_3_2_26_2","unstructured":"Edgar Chavez\u00a0Sosa. 2024. Insinuating Fear and Hatred through Nazi Propaganda. History in the Making 17 1 (2024) 8."},{"key":"e_1_3_3_2_27_2","first-page":"121","volume-title":"People and Computers XXII Culture, Creativity, Interaction","author":"Chiasson Sonia","year":"2008","unstructured":"Sonia Chiasson, Alain Forget, Robert Biddle, and Paul\u00a0C Van\u00a0Oorschot. 2008. Influencing users towards better passwords: persuasive cued click-points. In People and Computers XXII Culture, Creativity, Interaction. British Computer Society, London, UK, 121\u2013130. 10.14236\/ewic\/HCI2008.12."},{"key":"e_1_3_3_2_28_2","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653722"},{"key":"e_1_3_3_2_29_2","first-page":"1","volume-title":"USENIX Security Symposium","author":"Chiasson Sonia","year":"2006","unstructured":"Sonia Chiasson, Paul\u00a0C van Oorschot, and Robert Biddle. 2006. A Usability Study and Critique of Two Password Managers. In USENIX Security Symposium , Vol.\u00a015. ACM, Vancouver, B.C., Canada, 1\u201316."},{"key":"e_1_3_3_2_30_2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.4324\/9781003017011","volume-title":"The Right to be Forgotten","author":"Cofone Ignacio\u00a0N","year":"2020","unstructured":"Ignacio\u00a0N Cofone. 2020. Online harms and the right to be forgotten. In The Right to be Forgotten. Routledge, London, UK, 1\u201316. 10.4324\/9781003017011."},{"key":"e_1_3_3_2_31_2","series-title":"(CHI \u201919)","first-page":"1","volume-title":"Proceedings of the CHI Conference on Human Factors in Computing Systems","author":"Coles-Kemp Lizzie","year":"2019","unstructured":"Lizzie Coles-Kemp and Rikke\u00a0Bjerg Jensen. 2019. Accessing a New Land: Designing for a Social Conceptualisation of Access. In Proceedings of the CHI Conference on Human Factors in Computing Systems(CHI \u201919). Association for Computing Machinery, Glasgow, Scotland UK, 1\u201312. 10.1145\/3290605.3300411."},{"key":"e_1_3_3_2_32_2","unstructured":"Liane M\u00a0Jarvis Cooper. 2021. Privacy Harms and Persecution. S. Cal. Interdisc. LJ 31 (2021) 469."},{"key":"e_1_3_3_2_33_2","doi-asserted-by":"crossref","unstructured":"Lorrie\u00a0Faith Cranor Praveen Guduru and Manjula Arjula. 2006. User interfaces for privacy agents. ACM Transactions on Computer-Human Interaction (TOCHI) 13 2 (2006) 135\u2013178. 10.1145\/1165734.116573.","DOI":"10.1145\/1165734.1165735"},{"key":"e_1_3_3_2_34_2","unstructured":"Andres Crocker Cory Doctorow and Naomi Gilens. 2020. Facebook\u2019s Election-Week War on Accountability is Wrong Wrong Wrong. https:\/\/www.eff.org\/deeplinks\/2020\/10\/facebooks-election-week-war-accountability-wrong-wrong-wrong Accessed April 2025."},{"key":"e_1_3_3_2_35_2","first-page":"23","volume-title":"Network and Distributed System Security Symposium (NDSS)","author":"Das Anupam","year":"2014","unstructured":"Anupam Das, Joseph Bonneau, Matthew Caesar, Nikita Borisov, and XiaoFeng Wang. 2014. The tangled web of password reuse. In Network and Distributed System Security Symposium (NDSS) , Vol.\u00a014. Internet Society, San Diego, USA, 23\u201326. 10.14722\/ndss\/2014.23357."},{"key":"e_1_3_3_2_36_2","first-page":"143","volume-title":"10th Symposium On Usable Privacy and Security (SOUPS)","author":"Das Sauvik","year":"2014","unstructured":"Sauvik Das, Tiffany Hyun-Jin Kim, Laura\u00a0A Dabbish, and Jason\u00a0I Hong. 2014. The effect of social influence on security sensitivity. In 10th Symposium On Usable Privacy and Security (SOUPS). USENIX, Menlo Park, California, 143\u2013157."},{"key":"e_1_3_3_2_37_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-13654-2"},{"key":"e_1_3_3_2_38_2","doi-asserted-by":"publisher","DOI":"10.1145\/3584318.3584323"},{"key":"e_1_3_3_2_39_2","doi-asserted-by":"publisher","DOI":"10.1145\/3633500.3633506"},{"key":"e_1_3_3_2_40_2","doi-asserted-by":"publisher","DOI":"10.1145\/3703465.3703474"},{"key":"e_1_3_3_2_41_2","doi-asserted-by":"crossref","unstructured":"Antonella De\u00a0Angeli Lynne Coventry Graham Johnson and Karen Renaud. 2005. Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems. International Journal of Human-Computer Studies 63 1-2 (2005) 128\u2013152. 10.1016\/j.ijhcs.2005.04.020.","DOI":"10.1016\/j.ijhcs.2005.04.020"},{"key":"e_1_3_3_2_42_2","unstructured":"Ralf De\u00a0Wolf and Stijn Joye. 2019. Control responsibility: The discursive construction of privacy teens and Facebook in Flemish newspapers. International Journal of Communication 13 (2019) 20."},{"key":"e_1_3_3_2_43_2","volume-title":"9th USENIX Security Symposium (USENIX Security 00)","author":"Dhamija Rachna","year":"2000","unstructured":"Rachna Dhamija and Adrian Perrig. 2000. Deja-Vu A User Study: Using Images for Authentication. In 9th USENIX Security Symposium (USENIX Security 00). USENIX."},{"key":"e_1_3_3_2_44_2","doi-asserted-by":"crossref","unstructured":"Paul Dourish Rebecca\u00a0E Grinter Jessica Delgado De La\u00a0Flor and Melissa Joseph. 2004. Security in the wild: user strategies for managing security as an everyday practical problem. Personal and Ubiquitous Computing 8 (2004) 391\u2013401. 10.1007\/s00779-004-0308-5.","DOI":"10.1007\/s00779-004-0308-5"},{"key":"e_1_3_3_2_45_2","unstructured":"Edelman. 2023. 2023 Edelman Trust Barometer Reveals Business is the Only Institution Viewed as Ethical and Competent; Emerges as Ethical Force for Good in a Polarized World. https:\/\/www.edelman.com\/news-awards\/2023-edelman-trust-barometer."},{"key":"e_1_3_3_2_46_2","doi-asserted-by":"crossref","first-page":"4254","DOI":"10.1145\/3025453.3025636","volume-title":"Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems","author":"Eiband Malin","year":"2017","unstructured":"Malin Eiband, Mohamed Khamis, Emanuel Von\u00a0Zezschwitz, Heinrich Hussmann, and Florian Alt. 2017. Understanding shoulder surfing in the wild: Stories from users and observers. In Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems. ACM, Denver, USA, 4254\u20134265. 10.1145\/3025453.302563."},{"key":"e_1_3_3_2_47_2","doi-asserted-by":"crossref","unstructured":"Sarah Elwood and Agnieszka Leszczynski. 2011. Privacy reconsidered: New representations data practices and the geoweb. Geoforum 42 1 (2011) 6\u201315. 10.1016\/j.geoforum.2010.08.003.","DOI":"10.1016\/j.geoforum.2010.08.003"},{"key":"e_1_3_3_2_48_2","doi-asserted-by":"crossref","unstructured":"Gunn Enli and Karin Fast. 2023. Political Solutions or user Responsibilization? How Politicians understand Problems Connected to Digital Overload. Convergence: The International Journal of Research into New Media Technologies 29 3 (2023) 675\u2013689. 10.1177\/1354856523116061810.1177\/13548565231160618.","DOI":"10.1177\/13548565231160618"},{"key":"e_1_3_3_2_49_2","first-page":"59","volume-title":"Twelfth Symposium on Usable Privacy and Security (SOUPS 2016)","author":"Fagan Michael","year":"2016","unstructured":"Michael Fagan and Mohammad Maifi\u00a0Hasan Khan. 2016. Why do they do what they do?: A study of what motivates users to (not) follow computer security advice. In Twelfth Symposium on Usable Privacy and Security (SOUPS 2016). USENIX, Denver, USA, 59\u201375."},{"key":"e_1_3_3_2_50_2","doi-asserted-by":"crossref","unstructured":"Benjamin Farrand. 2024. How do we understand online harms? The impact of conceptual divides on regulatory divergence between the Online Safety Act and Digital Services Act. Journal of Media Law 16 2 (2024) 1\u201323. 10.1080\/17577632.2024.2357463.","DOI":"10.1080\/17577632.2024.2357463"},{"key":"e_1_3_3_2_51_2","unstructured":"FasterCapital. 2024. Examples Of Counterfactual Thinking In Everyday Life. https:\/\/fastercapital.com\/topics\/examples-of-counterfactual-thinking-in-everyday-life.html Accessed 10\/6\/2025."},{"key":"e_1_3_3_2_52_2","doi-asserted-by":"publisher","DOI":"10.1145\/3290607.3312846"},{"key":"e_1_3_3_2_53_2","unstructured":"Daniel\u00a0M Filler David\u00a0M Haendler and Jordan\u00a0L Fischer. 2022. Negligence at the Breach: Information Fiduciaries and the Duty to Care for Data. Conn. L. Rev. 54 (2022) 105."},{"key":"e_1_3_3_2_54_2","doi-asserted-by":"crossref","unstructured":"Piers Fleming S\u00a0Gareth Edwards Andrew\u00a0P Bayliss and Charles\u00a0R Seger. 2023. Tell me more tell me more: repeated personal data requests increase disclosure. Journal of Cybersecurity 9 1 (2023) tyad005. 10.1093\/cybsec\/tyad005.","DOI":"10.1093\/cybsec\/tyad005"},{"key":"e_1_3_3_2_55_2","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242661"},{"key":"e_1_3_3_2_56_2","doi-asserted-by":"crossref","first-page":"13","DOI":"10.1145\/1073001.1073003","volume-title":"Proceedings of the 2005 Symposium on Usable Privacy and Security","author":"Garfinkel Simson\u00a0L","year":"2005","unstructured":"Simson\u00a0L Garfinkel and Robert\u00a0C Miller. 2005. Johnny 2: a user test of key continuity management with S\/MIME and Outlook Express. In Proceedings of the 2005 Symposium on Usable Privacy and Security. ACM, Pittsburgh, USA, 13\u201324."},{"key":"e_1_3_3_2_57_2","doi-asserted-by":"crossref","unstructured":"David Garland. 1996. The limits of the sovereign state: Strategies of crime control in contemporary society. The British Journal of Criminology 36 4 (1996) 445\u2013471. 10.1093\/oxfordjournals.bjc.a014105.","DOI":"10.1093\/oxfordjournals.bjc.a014105"},{"key":"e_1_3_3_2_58_2","doi-asserted-by":"crossref","DOI":"10.7208\/chicago\/9780226190174.001.0001","volume-title":"The culture of control: Crime and social order in contemporary society","author":"Garland David","year":"2001","unstructured":"David Garland. 2001. The culture of control: Crime and social order in contemporary society. Vol.\u00a077. Oxford University Press, Oxford, UK."},{"key":"e_1_3_3_2_59_2","first-page":"44","volume-title":"Proceedings of the Second Symposium on Usable Privacy and Security","author":"Gaw Shirley","year":"2006","unstructured":"Shirley Gaw and Edward\u00a0W Felten. 2006. Password management strategies for online accounts. In Proceedings of the Second Symposium on Usable Privacy and Security. ACM, Pittsburgh, USA, 44\u201355. 10.1145\/1143120.114312."},{"key":"e_1_3_3_2_60_2","doi-asserted-by":"crossref","unstructured":"Saira Ghafur Soren Kristensen Kate Honeyford Guy Martin Ara Darzi and Paul Aylin. 2019. A retrospective impact analysis of the WannaCry cyberattack on the NHS. NPJ digital medicine 2 1 (2019) 98. 10.1038\/s41746-019-0161-6.","DOI":"10.1038\/s41746-019-0161-6"},{"key":"e_1_3_3_2_61_2","doi-asserted-by":"publisher","DOI":"10.1145\/642611.642636"},{"key":"e_1_3_3_2_62_2","unstructured":"Milena\u00a0M Head and Khaled Hassanein. 2002. Trust in e-commerce: Evaluating the impact of third-party seals. Quarterly Journal of Electronic Commerce 3 (2002) 307\u2013326."},{"key":"e_1_3_3_2_63_2","doi-asserted-by":"crossref","first-page":"112","DOI":"10.1145\/2841113.2841122","volume-title":"Proceedings of the 2015 New Security Paradigms Workshop","author":"Herley Cormac","year":"2015","unstructured":"Cormac Herley and Wolter Pieters. 2015. \" If you were attacked, you\u2019d be sorry\" Counterfactuals as security arguments. In Proceedings of the 2015 New Security Paradigms Workshop. ACM, Twente Netherlands, 112\u2013123. 10.1145\/2841113.2841122."},{"key":"e_1_3_3_2_64_2","doi-asserted-by":"crossref","unstructured":"Lisa Herzog. 2024. Big data and the risk of misguided responsibilization. Ethics and Information Technology 26 3 (2024) 1\u201310. 10.1007\/s10676-024-09794-2.","DOI":"10.1007\/s10676-024-09794-2"},{"key":"e_1_3_3_2_65_2","first-page":"2311","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Hielscher Jonas","year":"2023","unstructured":"Jonas Hielscher, Uta Menges, Simon Parkin, Annette Kluge, and M\u00a0Angela Sasse. 2023. \u201cEmployees Who Don\u2019t Accept the Time Security Takes Are Not Aware Enough\u201d: The CISO View of Human-Centred Security. In 32nd USENIX Security Symposium (USENIX Security 23). USENIX, Anaheim, USA, 2311\u20132328."},{"key":"e_1_3_3_2_66_2","first-page":"3295","volume-title":"33rd USENIX Security Symposium (USENIX Security 24)","author":"Hielscher Jonas","year":"2024","unstructured":"Jonas Hielscher and Simon Parkin. 2024. \"What Keeps People Secure is That They Met The Security Team\": Deconstructing Drivers And Goals of Organizational Security Awareness. In 33rd USENIX Security Symposium (USENIX Security 24). ACM, Bradford, USA, 3295\u20133312."},{"key":"e_1_3_3_2_67_2","doi-asserted-by":"crossref","first-page":"383","DOI":"10.1145\/1753326.1753384","volume-title":"Proceedings of the SIGCHI Conference on Human Factors in Computing Systems","author":"Inglesant Philip\u00a0G","year":"2010","unstructured":"Philip\u00a0G Inglesant and M\u00a0Angela Sasse. 2010. The true cost of unusable password policies: password use in the wild. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, Atlanta, USA, 383\u2013392. 10.1145\/1753326.175338."},{"key":"e_1_3_3_2_68_2","first-page":"327","volume-title":"Eleventh Symposium On Usable Privacy and Security (SOUPS 2015)","author":"Ion Iulia","year":"2015","unstructured":"Iulia Ion, Rob Reeder, and Sunny Consolvo. 2015. \u201c... No one can hack my Mind\u201d: Comparing Expert and Non-Expert security practices. In Eleventh Symposium On Usable Privacy and Security (SOUPS 2015). ACM, Ottawa, Canada, 327\u2013346."},{"key":"e_1_3_3_2_69_2","doi-asserted-by":"crossref","unstructured":"C Jarvie and K Renaud. 2024. Online Age Verification: Government Legislation Supplier Responsibilization and Public Perceptions. Children 11 9 (2024) 1068. 10.3390\/children11091068","DOI":"10.3390\/children11091068"},{"key":"e_1_3_3_2_70_2","doi-asserted-by":"crossref","unstructured":"Yinhao Jiang Mir\u00a0Ali Rezazadeh\u00a0Baee Leonie\u00a0Ruth Simpson Praveen Gauravaram Josef Pieprzyk Tanveer Zia Zhen Zhao and Zung Le. 2024. Pervasive user data collection from cyberspace: Privacy concerns and countermeasures. Cryptography 8 1 (2024) 5. 10.3390\/cryptography8010005.","DOI":"10.3390\/cryptography8010005"},{"key":"e_1_3_3_2_71_2","doi-asserted-by":"crossref","unstructured":"Mareile Kaufmann. 2016. Exercising emergencies: Resilience affect and acting out security. Security Dialogue 47 2 (2016) 99\u2013116. 10.1177\/0967010615613209.","DOI":"10.1177\/0967010615613209"},{"key":"e_1_3_3_2_72_2","doi-asserted-by":"crossref","unstructured":"Peter Kelly. 2001. Youth at risk: Processes of individualisation and responsibilisation in the risk society. Discourse: Studies in the Cultural Politics of Education 22 1 (2001) 23\u201333. 10.1080\/01596300120039731.","DOI":"10.1080\/01596300120039731"},{"key":"e_1_3_3_2_73_2","doi-asserted-by":"crossref","unstructured":"K. Kikerpill. 2021. The individual\u2019s role in cybercrime prevention: internal spheres of protection and our ability to safeguard them. Kybernetes 50 4 (2021) 1015\u20131026. 10.1108\/K-06-2020-0335.","DOI":"10.1108\/K-06-2020-0335"},{"key":"e_1_3_3_2_74_2","unstructured":"Kate Klonick. 2015. A new taxonomy for online harms. BUL Rev. Annex 95 (2015) 53."},{"key":"e_1_3_3_2_75_2","doi-asserted-by":"crossref","unstructured":"Sara Kraemer Pascale Carayon and John Clem. 2009. Human and organizational factors in computer and information security: Pathways to vulnerabilities. Computers & Security 28 7 (2009) 509\u2013520. 10.1016\/j.cose.2009.04.006.","DOI":"10.1016\/j.cose.2009.04.006"},{"key":"e_1_3_3_2_76_2","doi-asserted-by":"crossref","unstructured":"Santosh Kumar\u00a0Birthriya and Ankit\u00a0Kumar Jain. 2022. A comprehensive survey of phishing email detection and protection techniques. Information Security Journal: A Global Perspective 31 4 (2022) 411\u2013440. 10.1080\/19393555.2021.1959678.","DOI":"10.1080\/19393555.2021.1959678"},{"key":"e_1_3_3_2_77_2","doi-asserted-by":"crossref","unstructured":"Ponnurangam Kumaraguru Steve Sheng Alessandro Acquisti Lorrie\u00a0Faith Cranor and Jason Hong. 2010. Teaching Johnny not to fall for phish. ACM Transactions on Internet Technology (TOIT) 10 2 (2010) 1\u201331. 10.1145\/1754393.175439.","DOI":"10.1145\/1754393.1754396"},{"key":"e_1_3_3_2_78_2","first-page":"67","volume-title":"Proceedings of the Second Symposium on Usable Privacy and Security","author":"Kuo Cynthia","year":"2006","unstructured":"Cynthia Kuo, Sasha Romanosky, and Lorrie\u00a0Faith Cranor. 2006. Human selection of mnemonic phrase-based passwords. In Proceedings of the Second Symposium on Usable Privacy and Security. ACM, Pittsburgh, USA, 67\u201378. 10.1145\/1143120.114312."},{"key":"e_1_3_3_2_79_2","doi-asserted-by":"crossref","unstructured":"Benjamin\u00a0H. Lang Sven Nyholm and Jennifer Blumenthal-Barby. 2023. Responsibility Gaps and Black Box Healthcare AI: Shared Responsibilization as a Solution. Digital Society 2 52 (2023) 1\u201318. 10.1007\/s44206-023-00073-z.","DOI":"10.1007\/s44206-023-00073-z"},{"key":"e_1_3_3_2_80_2","first-page":"7231","volume-title":"33rd USENIX Security Symposium (USENIX Security 24)","author":"Lassak Leona","year":"2024","unstructured":"Leona Lassak, Elleen Pan, Blase Ur, and Maximilian Golla. 2024. Why Aren\u2019t We Using Passkeys? Obstacles Companies Face Deploying FIDO2 Passwordless Authentication. In 33rd USENIX Security Symposium (USENIX Security 24). USENIX, Philadelphia, USA, 7231\u20137248."},{"key":"e_1_3_3_2_81_2","doi-asserted-by":"crossref","unstructured":"Paul Lewis and Paul\u00a0Dragos Aligica. 2024. The Ostroms on self-governance: the importance of cybernetics. Journal of Institutional Economics 20 (2024) e23. 10.1017\/s1744137424000079.","DOI":"10.1017\/S1744137424000079"},{"key":"e_1_3_3_2_82_2","doi-asserted-by":"publisher","DOI":"10.1145\/3531146.3534640"},{"key":"e_1_3_3_2_83_2","unstructured":"Neil MacEwan. 2017. Responsibilisation Rules and Rule-following concerning Cyber Security: Findings from Small Business Case Studies in the UK. Ph.\u00a0D. Dissertation. FACULTY OF SOCIAL HUMAN AND MATHEMATICAL SCIENCES."},{"key":"e_1_3_3_2_84_2","doi-asserted-by":"crossref","unstructured":"Ivan Manokha. 2018. Surveillance panopticism and self-discipline in the digital age. Surveillance and Society 16 2 (2018) 219\u2013237. 10.24908\/ss.v16i2.8346.","DOI":"10.24908\/ss.v16i2.8346"},{"key":"e_1_3_3_2_85_2","unstructured":"Kayleen Manwaring and Pamela\u00a0F Hanrahan. 2019. BEARing responsibility for cyber security in Australian financial institutions: The rising tide of directors\u2019 personal liability. Journal of Banking and Finance Law and Practice 30 1 (2019) 20\u201342. https:\/\/ssrn.com\/abstract=3284289."},{"key":"e_1_3_3_2_86_2","first-page":"1","volume-title":"Extended Abstracts of the CHI Conference on Human Factors in Computing Systems","author":"McDonald Nora","year":"2020","unstructured":"Nora McDonald, Karla Badillo-Urquiola, Morgan\u00a0G Ames, Nicola Dell, Elizabeth Keneski, Manya Sleeper, and Pamela\u00a0J Wisniewski. 2020. Privacy and power: Acknowledging the importance of privacy research and design for vulnerable populations. In Extended Abstracts of the CHI Conference on Human Factors in Computing Systems. ACM, Honolulu, USA, 1\u20138. 10.1145\/3334480.3375174."},{"key":"e_1_3_3_2_87_2","doi-asserted-by":"crossref","first-page":"87","DOI":"10.1145\/2413296.2413305","volume-title":"Proceedings of the 2012 New Security Paradigms Workshop","author":"Morton Anthony","year":"2012","unstructured":"Anthony Morton and M\u00a0Angela Sasse. 2012. Privacy is a process, not a PET: A theory for effective privacy practice. In Proceedings of the 2012 New Security Paradigms Workshop. ACM, Bertinoro, Italy, 87\u2013104. 10.1145\/2413296.241330."},{"key":"e_1_3_3_2_88_2","doi-asserted-by":"crossref","unstructured":"Alexios Mylonas Anastasia Kastania and Dimitris Gritzalis. 2013. Delegate the smartphone user? Security awareness in smartphone platforms. Computers & Security 34 (2013) 47\u201366. 10.1016\/j.cose.2012.11.004.","DOI":"10.1016\/j.cose.2012.11.004"},{"key":"e_1_3_3_2_89_2","doi-asserted-by":"crossref","unstructured":"John\u00a0F Nash\u00a0Jr. 1950. Equilibrium points in n-person games. Proceedings of the National Academy of Sciences 36 1 (1950) 48\u201349. 10.1073\/pnas.36.1.48.","DOI":"10.1073\/pnas.36.1.48"},{"key":"e_1_3_3_2_90_2","unstructured":"NCSC & CISA. 2025 2022. https:\/\/www.ncsc.gov.uk\/section\/information-for\/individuals-families https:\/\/www.cisa.gov\/news-events\/news\/4-things-you-can-do-keep-yourself-cyber-safe."},{"key":"e_1_3_3_2_91_2","unstructured":"Nuffield Council on Bioethics. 2015. The collection linking and use of data in biomedical research and healthcare: ethical issues. https:\/\/www.nuffieldbioethics.org\/publication\/the-collection-linking-and-use-of-data-in-biomedical-research-and-health-care-ethical-issues."},{"key":"e_1_3_3_2_92_2","doi-asserted-by":"crossref","unstructured":"Shola Olabode Rebecca Owens Viana\u00a0Nijia Zhang Jehana Copilah-Ali Maxim Kolomeets Han Wu Shrikant Malviya Karolina Markeviciute Tasos Spiliotopoulos Cristina Neesham et\u00a0al. 2023. Complex online harms and the smart home: A scoping review. Future Generation Computer Systems 149 (2023) 664\u2013678. 10.1016\/j.future.2023.08.019.","DOI":"10.1016\/j.future.2023.08.019"},{"key":"e_1_3_3_2_93_2","first-page":"6412","volume-title":"Proceedings of the CHI Conference on Human Factors in Computing Systems","author":"Oliveira Daniela","year":"2017","unstructured":"Daniela Oliveira, Harold Rocha, Huizi Yang, Donovan Ellis, Sandeep Dommaraju, Melis Muradoglu, Devon Weir, Adam Soliman, Tian Lin, and Natalie Ebner. 2017. Dissecting spear phishing emails for older vs young adults: On the interplay of weapons of influence and life domains in predicting susceptibility to phishing. In Proceedings of the CHI Conference on Human Factors in Computing Systems. ACM, Colorado, USA, 6412\u20136424. 10.1145\/3025453.3025831."},{"key":"e_1_3_3_2_94_2","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511807763"},{"key":"e_1_3_3_2_95_2","first-page":"319","volume-title":"Fifteenth Symposium On Usable Privacy and Security (SOUPS)","author":"Pearman Sarah","year":"2019","unstructured":"Sarah Pearman, Shikun\u00a0Aerin Zhang, Lujo Bauer, Nicolas Christin, and Lorrie\u00a0Faith Cranor. 2019. Why people (don\u2019t) use password managers effectively. In Fifteenth Symposium On Usable Privacy and Security (SOUPS). Springer, Santa Clara, USA, 319\u2013338. 10.1023\/A:1011902718709."},{"key":"e_1_3_3_2_96_2","volume-title":"Workfare states","author":"Peck Jamie","year":"2001","unstructured":"Jamie Peck. 2001. Workfare states. Guilford Press, New York, USA."},{"key":"e_1_3_3_2_97_2","unstructured":"Claudia Peersman Jos\u00e9\u00a0Tomas Llanos Corinne May-Chahal Ryan McConville Partha\u00a0Das Chowdhury and Emiliano De\u00a0Cristofaro. 2023. Towards a Framework for Evaluating CSAM Prevention and Detection Tools in the Context of End-to-end-encryption Environments: a Case Study. https:\/\/bpb-eu-w2.wpmucdn.com\/blogs.bristol.ac.uk\/dist\/1\/670\/files\/2023\/02\/Safety-Tech-Challenge-Fund-evaluation-framework-report.pdf."},{"key":"e_1_3_3_2_98_2","doi-asserted-by":"crossref","unstructured":"Michael\u00a0A Peters. 2017. From state responsibility for education and welfare to self-responsibilisation in the market. Discourse: Studies in the Cultural Politics of Education 38 1 (2017) 138\u2013145. 10.1080\/01596306.2016.1163854.","DOI":"10.1080\/01596306.2016.1163854"},{"key":"e_1_3_3_2_99_2","doi-asserted-by":"crossref","unstructured":"Richard\u00a0A Posner. 1977. The right of privacy. Ga. L. Rev. 12 (1977) 393.","DOI":"10.1017\/S0021223700005926"},{"key":"e_1_3_3_2_100_2","unstructured":"Principles of Responsible Investment. 2020. Fiduciary Duty in the 21st Century: A Final Report. https:\/\/www.unpri.org\/download?ac=11972 Accessed April 2025."},{"key":"e_1_3_3_2_101_2","doi-asserted-by":"crossref","unstructured":"Suzanne Prior and Karen Renaud. 2023. Who Is Best Placed to Support Cyber Responsibilized UK Parents? Children 10 7 (2023) 1130\u20131130. 10.3390\/children10071130.","DOI":"10.3390\/children10071130"},{"key":"e_1_3_3_2_102_2","doi-asserted-by":"crossref","unstructured":"Jarkko Pyysi\u00e4inen Darren Halpin and Andrew Guilfoyle. 2017. Neoliberal governance and \u2018responsibilization\u2019of agents: reassessing the mechanisms of responsibility-shift in neoliberal discursive environments. Distinktion: Journal of Social Theory 18 2 (2017) 215\u2013235. 10.1080\/1600910X.2017.1331858.","DOI":"10.1080\/1600910X.2017.1331858"},{"key":"e_1_3_3_2_103_2","doi-asserted-by":"crossref","unstructured":"J. Pyysi\u00e4inen D. Halpin and A. Guilfoyle. 2017. Neoliberal governance and \u2018responsibilization\u2019 of agents: reassessing the mechanisms of responsibility-shift in neoliberal discursive environments. Distinktion: Journal of Social Theory 18 2 (2017) 215\u2013235. 10.1080\/1600910X.2017.1331858.","DOI":"10.1080\/1600910X.2017.1331858"},{"key":"e_1_3_3_2_104_2","doi-asserted-by":"crossref","unstructured":"Karen Renaud Stephen Flowerday Merrill Warkentin Paul Cockshott and Craig Orgeron. 2018. Is the responsibilization of the cyber security risk reasonable and judicious? Computers & Security 78 (2018) 198\u2013211. 10.1016\/j.cose.2018.06.006.","DOI":"10.1016\/j.cose.2018.06.006"},{"key":"e_1_3_3_2_105_2","first-page":"309","volume-title":"16th International Conference on Cyber Warfare and Security","author":"Renaud Karen","year":"2021","unstructured":"Karen Renaud, Alfred Musarurwa, and Verena Zimmermann. 2021. Contemplating blame in cyber security. In 16th International Conference on Cyber Warfare and Security. Academic Conferences Ltd, Online, 309\u2013317."},{"key":"e_1_3_3_2_106_2","doi-asserted-by":"crossref","unstructured":"Karen Renaud Craig Orgeron Merrill Warkentin and Edward French. 2020. Cyber security responsibilization: an evaluation of the intervention approaches adopted by the Five Eyes countries and China. Public Administration Review 80 4 (2020) 577\u2013589. 10.1111\/puar.13210","DOI":"10.1111\/puar.13210"},{"key":"e_1_3_3_2_107_2","doi-asserted-by":"crossref","unstructured":"Karen Renaud Karl Van Der\u00a0Schyff and Stuart MacDonald. 2023. Would US citizens accept cybersecurity deresponsibilization? Perhaps not. Computers & Security 131 (2023) 103301. 10.1016\/j.cose.2023.103301.","DOI":"10.1016\/j.cose.2023.103301"},{"key":"e_1_3_3_2_108_2","first-page":"83","volume-title":"Sharenting Practices, Consequences and Protective Measures","author":"Roth Silke","year":"2025","unstructured":"Silke Roth, Pamela Ugwudike, Anita Lavorgna, Stuart\u00a0E Middleton, Natalie Djohari, Morena Tartari, and Arpan Mandal. 2025. Sharenting Risks and Harms: A Criminological Perspective. In Sharenting Practices, Consequences and Protective Measures, Michel Walrave, Ini Vanwesenbeeck, Liselot Hudders, and Emma Beuckels (Eds.). Springer, Switzerland, 83\u201396. 10.1007\/978-3-031-74105-0_5."},{"key":"e_1_3_3_2_109_2","doi-asserted-by":"publisher","DOI":"10.1145\/3459637.3482302"},{"key":"e_1_3_3_2_110_2","first-page":"36","volume-title":"Governing the Crisis: Law, Human Rights and COVID-19","author":"Salminen Mirva","year":"2021","unstructured":"Mirva Salminen and Jenna P\u00e4l\u00e4s. 2021. The COVID-19 induced societal digital leap: incorporating a legal view in the responsibilisation of individuals for cybersecurity. In Governing the Crisis: Law, Human Rights and COVID-19. Lit verlag, Z\u00fcrich, Switzerland, 36\u201364."},{"key":"e_1_3_3_2_111_2","doi-asserted-by":"crossref","unstructured":"Shruti Sannon and Andrea Forte. 2022. Privacy research with marginalized groups: what we know what\u2019s needed and what\u2019s next. Proceedings of the ACM on Human-Computer Interaction 6 CSCW2 (2022) 1\u201333. 10.1145\/3555556.","DOI":"10.1145\/3555556"},{"key":"e_1_3_3_2_112_2","doi-asserted-by":"crossref","unstructured":"Martina\u00a0Angela Sasse Sacha Brostoff and Dirk Weirich. 2001. Transforming the \u2018weakest link\u2019\u2014a human\/computer interaction approach to usable and effective security. BT Technology Journal 19 3 (2001) 122\u2013131.","DOI":"10.1023\/A:1011902718709"},{"key":"e_1_3_3_2_113_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.35"},{"key":"e_1_3_3_2_114_2","first-page":"5412","volume-title":"Proceedings of the CHI Conference on Human Factors in Computing Systems","author":"Schlesinger Ari","year":"2017","unstructured":"Ari Schlesinger, W.\u00a0Keith Edwards, and Rebecca\u00a0E. Grinter. 2017. Intersectional HCI: Engaging Identity through Gender, Race, and Class. In Proceedings of the CHI Conference on Human Factors in Computing Systems. ACM, Colorado, USA, 5412\u20135427. 10.1145\/3025453.302576."},{"key":"e_1_3_3_2_115_2","first-page":"69","volume-title":"Contributions to the Theory of Games","author":"Shapley L.\u00a0S.","year":"1953","unstructured":"L.\u00a0S. Shapley. 1953. A Value for n-Person Games. In Contributions to the Theory of Games. Vol.\u00a0II. Princeton University Press, Princeton, Chapter\u00a07, 69\u201379. 10.1515\/9781400829156-012."},{"key":"e_1_3_3_2_116_2","doi-asserted-by":"crossref","first-page":"2657","DOI":"10.1145\/2556288.2557330","volume-title":"Proceedings of the SIGCHI Conference on Human Factors in Computing Systems","author":"Shay Richard","year":"2014","unstructured":"Richard Shay, Iulia Ion, Robert\u00a0W Reeder, and Sunny Consolvo. 2014. \u201cMy religious aunt asked why I was trying to sell her viagra\u201d\u2019: experiences with account hijacking. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, Toronto, USA, 2657\u20132666. 10.1145\/2556288.255733."},{"key":"e_1_3_3_2_117_2","doi-asserted-by":"crossref","unstructured":"Jordan Shropshire Merrill Warkentin and Shwadhin Sharma. 2015. Personality attitudes and intentions: Predicting initial adoption of information security behavior. Computers & Security 49 (2015) 177\u2013191. 10.1016\/j.cose.2015.01.002.","DOI":"10.1016\/j.cose.2015.01.002"},{"key":"e_1_3_3_2_118_2","doi-asserted-by":"crossref","unstructured":"Juraj Sikra Karen\u00a0V Renaud and Daniel\u00a0R Thomas. 2024. Investigating what promotes and deters Scottish cybercrime reporting. Journal of Economic Criminology 6 (2024) 100103. 0.1016\/j.jeconc.2024.100103.","DOI":"10.1016\/j.jeconc.2024.100103"},{"key":"e_1_3_3_2_119_2","doi-asserted-by":"crossref","unstructured":"Linda Soneryd and Ylva Uggla. 2015. Green governmentality and responsibilization: new forms of governance and responses to \u2018consumer responsibility\u2019. Environmental Politics 24 6 (2015) 913\u2013931. 10.1080\/09644016.2015.1055885.","DOI":"10.1080\/09644016.2015.1055885"},{"key":"e_1_3_3_2_120_2","doi-asserted-by":"crossref","first-page":"2343","DOI":"10.1145\/2702123.2702365","volume-title":"Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems","author":"Song Youngbae","year":"2015","unstructured":"Youngbae Song, Geumhwan Cho, Seongyeol Oh, Hyoungshick Kim, and Jun\u00a0Ho Huh. 2015. On the effectiveness of pattern lock strength meters: Measuring the strength of real world pattern locks. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems. ACM, Seoul, Korea, 2343\u20132352. 10.1145\/2702123.270236."},{"key":"e_1_3_3_2_121_2","unstructured":"Stacey\u00a0B Steinberg. 2016. Sharenting: Children\u2019s privacy in the age of social media. Emory Lj 66 (2016) 839."},{"key":"e_1_3_3_2_122_2","series-title":"(SOUPS \u201914)","first-page":"243","volume-title":"Proceedings of the Tenth USENIX Conference on Usable Privacy and Security","author":"Stobert Elizabeth","year":"2014","unstructured":"Elizabeth Stobert and Robert Biddle. 2014. The password life cycle: user behaviour in managing passwords. In Proceedings of the Tenth USENIX Conference on Usable Privacy and Security(SOUPS \u201914). USENIX Association, Menlo Park, CA, 243\u2013255."},{"key":"e_1_3_3_2_123_2","doi-asserted-by":"crossref","first-page":"45","DOI":"10.1007\/978-3-030-42288-2_3","volume-title":"Victimology: research, policy and activism","author":"Sugiura Lisa","year":"2020","unstructured":"Lisa Sugiura and April Smith. 2020. Victim blaming, responsibilization and resilience in online sexual abuse and harassment. In Victimology: research, policy and activism. Springer, Switzerland, 45\u201379."},{"key":"e_1_3_3_2_124_2","doi-asserted-by":"crossref","unstructured":"Yingjie Tian Yurong Ding Saiji Fu and Dalian Liu. 2022. Data boundary and data pricing based on the Shapley value. IEEE Access 10 (2022) 14288\u201314300. 10.1145\/3459637.3482302","DOI":"10.1109\/ACCESS.2022.3147799"},{"key":"e_1_3_3_2_125_2","unstructured":"UK Government. 2025. UK government\u2019s Cyber Security Breaches Survey 2025. https:\/\/www.gov.uk\/government\/publications\/cyber-security-breaches-survey."},{"key":"e_1_3_3_2_126_2","first-page":"27","volume-title":"Proceedings of the European Symposium on Usable Security","author":"Ul\u00a0Haque Ehsan","year":"2023","unstructured":"Ehsan Ul\u00a0Haque, Mohammad Maifi\u00a0Hasan Khan, Md\u00a0Abdullah\u00a0Al Fahim, and Theodore Jensen. 2023. Divergences in Blame Attribution after a Security Breach based on Compliance Behavior: Implications for Post-breach Risk Communication. In Proceedings of the European Symposium on Usable Security. ACM, Copenhagen, Denmark, 27\u201347. 10.1145\/3617072.3617117"},{"key":"e_1_3_3_2_127_2","first-page":"3748","volume-title":"Proceedings of the CHI Conference on Human Factors in Computing Systems","author":"Ur Blase","year":"2016","unstructured":"Blase Ur, Jonathan Bees, Sean\u00a0M Segreti, Lujo Bauer, Nicolas Christin, and Lorrie\u00a0Faith Cranor. 2016. Do users\u2019 perceptions of password security match reality?. In Proceedings of the CHI Conference on Human Factors in Computing Systems. ACM, San Jose, USA, 3748\u20133760. 10.1145\/2858036.285854."},{"key":"e_1_3_3_2_128_2","first-page":"123","volume-title":"Eleventh Symposium on Usable Privacy and Security (SOUPS)","author":"Ur Blase","year":"2015","unstructured":"Blase Ur, Fumiko Noma, Jonathan Bees, Sean\u00a0M Segreti, Richard Shay, Lujo Bauer, Nicolas Christin, and Lorrie\u00a0Faith Cranor. 2015. \" I Added\u2019!\u2019at the End to Make It Secure\": Observing Password Creation in the Lab. In Eleventh Symposium on Usable Privacy and Security (SOUPS). USENIX, Ottawa, Canada, 123\u2013140."},{"key":"e_1_3_3_2_129_2","doi-asserted-by":"crossref","unstructured":"David\u00a0S Wall*. 2008. Cybercrime media and insecurity: The shaping of public perceptions of cybercrime. International Review of Law Computers & Technology 22 1-2 (2008) 45\u201363. 10.1080\/13600860801924907.","DOI":"10.1080\/13600860801924907"},{"key":"e_1_3_3_2_130_2","first-page":"60429","volume-title":"Advances in Neural Information Processing Systems","author":"Wang Jiachen\u00a0(Tianhao)","year":"2023","unstructured":"Jiachen\u00a0(Tianhao) Wang, Yuqing Zhu, Yu-Xiang Wang, Ruoxi Jia, and Prateek Mittal. 2023. A Privacy-Friendly Approach to Data Valuation. In Advances in Neural Information Processing Systems , A.\u00a0Oh, T.\u00a0Naumann, A.\u00a0Globerson, K.\u00a0Saenko, M.\u00a0Hardt, and S.\u00a0Levine (Eds.), Vol.\u00a036. Curran Associates, Inc., New Orleans, USA, 60429\u201360467."},{"key":"e_1_3_3_2_131_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833643"},{"key":"e_1_3_3_2_132_2","doi-asserted-by":"publisher","DOI":"10.1145\/1837110.1837125"},{"key":"e_1_3_3_2_133_2","first-page":"89","volume-title":"10th Symposium On Usable Privacy and Security (SOUPS)","author":"Wash Rick","year":"2014","unstructured":"Rick Wash, Emilee Rader, Kami Vaniea, and Michelle Rizor. 2014. Out of the loop: How automated software updates cause unintended security consequences. In 10th Symposium On Usable Privacy and Security (SOUPS). USENIX, Philadelphia, USA., 89\u2013104."},{"key":"e_1_3_3_2_134_2","first-page":"137","volume-title":"Proceedings of the New Security Paradigms Workshop","author":"Weirich Dirk","year":"2001","unstructured":"Dirk Weirich and Martina\u00a0Angela Sasse. 2001. Pretty good persuasion: a first step towards effective password security in the real world. In Proceedings of the New Security Paradigms Workshop. ACM, New Mexico, USA, 137\u2013143. 10.1145\/508171.50819."},{"key":"e_1_3_3_2_135_2","doi-asserted-by":"crossref","unstructured":"Jennifer\u00a0R Whitson and Kevin\u00a0D Haggerty. 2008. Identity theft and the care of the virtual self. Economy and Society 37 4 (2008) 572\u2013594. 10.1080\/03085140802357950.","DOI":"10.1080\/03085140802357950"},{"key":"e_1_3_3_2_136_2","first-page":"169","volume-title":"USENIX Security Symposium","author":"Whitten Alma","year":"1999","unstructured":"Alma Whitten and J\u00a0Doug Tygar. 1999. Why Johnny Can\u2019t Encrypt: A Usability Evaluation of PGP 5.0.. In USENIX Security Symposium , Vol.\u00a0348. 169\u2013184."},{"key":"e_1_3_3_2_137_2","first-page":"1","volume-title":"Proceedings of the Symposium on Usable Privacy and Security","author":"Wiedenbeck Susan","year":"2005","unstructured":"Susan Wiedenbeck, Jim Waters, Jean-Camille Birget, Alex Brodskiy, and Nasir Memon. 2005. Authentication using graphical passwords: Effects of tolerance and image choice. In Proceedings of the Symposium on Usable Privacy and Security. Interaction Design Foundation, Pennsylvania, USA, 1\u201312. 10.1145\/1073001.1073002."},{"key":"e_1_3_3_2_138_2","doi-asserted-by":"crossref","unstructured":"Susan Wiedenbeck Jim Waters Jean-Camille Birget Alex Brodskiy and Nasir Memon. 2005. PassPoints: Design and longitudinal evaluation of a graphical password system. International Journal of Human-Computer Studies 63 1-2 (2005) 102\u2013127. 10.1016\/j.ijhcs.2005.04.010.","DOI":"10.1016\/j.ijhcs.2005.04.010"},{"key":"e_1_3_3_2_139_2","doi-asserted-by":"crossref","unstructured":"Jeff Yan Alan Blackwell Ross Anderson and Alasdair Grant. 2004. Password memorability and security: Empirical results. IEEE Security & Privacy 2 5 (2004) 25\u201331. 10.1109\/MSP.2004.81.","DOI":"10.1109\/MSP.2004.81"},{"key":"e_1_3_3_2_140_2","doi-asserted-by":"crossref","unstructured":"Verena Zimmermann and Karen Renaud. 2019. Moving from a \u2018human-as-problem\u201d to a \u2018human-as-solution\u201d cybersecurity mindset. International Journal of Human-Computer Studies 131 (2019) 169\u2013187. 10.1016\/j.ijhcs.2019.05.005.","DOI":"10.1016\/j.ijhcs.2019.05.005"}],"event":{"name":"NSPW '25: New Security Paradigms Workshop","location":"Aerzen , Germany","acronym":"NSPW '25"},"container-title":["Proceedings of the 2025 New Security Paradigms Workshop"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3774761.3774763","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,29]],"date-time":"2026-01-29T09:31:55Z","timestamp":1769679115000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3774761.3774763"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,8,24]]},"references-count":139,"alternative-id":["10.1145\/3774761.3774763","10.1145\/3774761"],"URL":"https:\/\/doi.org\/10.1145\/3774761.3774763","relation":{},"subject":[],"published":{"date-parts":[[2025,8,24]]},"assertion":[{"value":"2026-01-29","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}