{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,17]],"date-time":"2026-03-17T03:22:07Z","timestamp":1773717727906,"version":"3.50.1"},"reference-count":44,"publisher":"SAGE Publications","issue":"5","license":[{"start":{"date-parts":[[2018,7,9]],"date-time":"2018-07-09T00:00:00Z","timestamp":1531094400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Hum Factors"],"published-print":{"date-parts":[[2018,8]]},"abstract":"<jats:sec><jats:title>Objective:<\/jats:title><jats:p> This work assesses the efficacy of the \u201cprevalence effect\u201d as a form of cyberattack in human-automation teaming, using an email task. <\/jats:p><\/jats:sec><jats:sec><jats:title>Background:<\/jats:title><jats:p> Under the prevalence effect, rare signals are more difficult to detect, even when taking into account their proportionally low occurrence. This decline represents diminished human capability to both detect and respond. As signal probability (SP) approaches zero, accuracy exhibits logarithmic decay. Cybersecurity, a context in which the environment is entirely artificial, provides an opportunity to manufacture conditions enhancing or degrading human performance, such as prevalence effects. Email cybersecurity prevalence effects have not previously been demonstrated, nor intentionally manipulated. <\/jats:p><\/jats:sec><jats:sec><jats:title>Method:<\/jats:title><jats:p> The Email Testbed (ET) provides a simulation of a clerical email work involving messages containing sensitive personal information. Using the ET, participants were presented with 300 email interactions and received cyberattacks at rates of either 1%, 5%, or 20%. <\/jats:p><\/jats:sec><jats:sec><jats:title>Results:<\/jats:title><jats:p> Results demonstrated the existence and power of prevalence effects in email cybersecurity. Attacks delivered at a rate of 1% were significantly more likely to succeed, and the overall pattern of accuracy across declining SP exhibited logarithmic decay. <\/jats:p><\/jats:sec><jats:sec><jats:title>Application:<\/jats:title><jats:p> These findings suggest a \u201cprevalence paradox\u201d within human-machine teams. As automation reduces attack SP, the human operator becomes increasingly likely to fail in detecting and reporting attacks that remain. In the cyber realm, the potential to artificially inflict this state on adversaries, hacking the human operator rather than algorithmic defense, is considered. Specific and general information security design countermeasures are offered. <\/jats:p><\/jats:sec>","DOI":"10.1177\/0018720818780472","type":"journal-article","created":{"date-parts":[[2018,7,9]],"date-time":"2018-07-09T22:35:36Z","timestamp":1531175736000},"page":"597-609","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":71,"title":["Hacking the Human: The Prevalence Paradox in Cybersecurity"],"prefix":"10.1177","volume":"60","author":[{"given":"Ben D.","family":"Sawyer","sequence":"first","affiliation":[{"name":"Massachusetts Institute of Technology, Cambridge"}]},{"given":"Peter A.","family":"Hancock","sequence":"additional","affiliation":[{"name":"University of Central Florida, Orlando"}]}],"member":"179","published-online":{"date-parts":[[2018,7,9]]},"reference":[{"key":"bibr1-0018720818780472","doi-asserted-by":"publisher","DOI":"10.1177\/001872086300500205"},{"key":"bibr2-0018720818780472","volume-title":"Security engineering","author":"Anderson R.","year":"2008"},{"key":"bibr3-0018720818780472","doi-asserted-by":"publisher","DOI":"10.1038\/415609a"},{"key":"bibr4-0018720818780472","doi-asserted-by":"publisher","DOI":"10.1016\/j.promfg.2015.07.641"},{"key":"bibr5-0018720818780472","doi-asserted-by":"publisher","DOI":"10.1177\/0018720813484498"},{"key":"bibr6-0018720818780472","doi-asserted-by":"publisher","DOI":"10.1111\/j.1467-9280.2007.02006.x"},{"key":"bibr7-0018720818780472","volume-title":"Signal detection theory and psychophysics","author":"Green D. M.","year":"1966"},{"key":"bibr8-0018720818780472","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-41932-9_13"},{"key":"bibr9-0018720818780472","doi-asserted-by":"publisher","DOI":"10.1177\/1541931215591067"},{"key":"bibr10-0018720818780472","doi-asserted-by":"publisher","DOI":"10.1080\/00140139608964535"},{"key":"bibr11-0018720818780472","volume-title":"Paper presented at the Ninth International Symposium on Aviation Psychology","author":"Hancock P. A.","year":"1997"},{"key":"bibr12-0018720818780472","doi-asserted-by":"publisher","DOI":"10.1037\/a0030214"},{"key":"bibr13-0018720818780472","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9781107785311"},{"key":"bibr14-0018720818780472","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-61061-0_1"},{"key":"bibr15-0018720818780472","doi-asserted-by":"publisher","DOI":"10.1177\/0018720811417254"},{"key":"bibr16-0018720818780472","first-page":"12","volume":"537","author":"Hancock P. A.","year":"2015","journal-title":"The Ergonomist"},{"key":"bibr17-0018720818780472","doi-asserted-by":"publisher","DOI":"10.1201\/b10836-5"},{"key":"bibr18-0018720818780472","doi-asserted-by":"publisher","DOI":"10.1177\/001872088903100503"},{"key":"bibr19-0018720818780472","doi-asserted-by":"publisher","DOI":"10.1016\/S0166-4115(08)62386-9"},{"key":"bibr20-0018720818780472","doi-asserted-by":"publisher","DOI":"10.1145\/1290958.1290968"},{"key":"bibr21-0018720818780472","doi-asserted-by":"publisher","DOI":"10.1177\/001872088702900602"},{"key":"bibr22-0018720818780472","first-page":"17","author":"Lee J. B.","year":"2017","journal-title":"Transportation Research Record"},{"key":"bibr23-0018720818780472","doi-asserted-by":"publisher","DOI":"10.1518\/hfes.46.1.50_30392"},{"key":"bibr24-0018720818780472","volume-title":"Cyber Vision 2025: United States Air Force Cyberspace Science and Technology Vision 2012-2025","author":"Maybury M. T.","year":"2012"},{"key":"bibr25-0018720818780472","doi-asserted-by":"publisher","DOI":"10.1177\/0956797613504221"},{"key":"bibr26-0018720818780472","volume-title":"The future of cybercrime & security","author":"Moar J.","year":"2017"},{"key":"bibr27-0018720818780472","doi-asserted-by":"publisher","DOI":"10.1177\/001872089606380211"},{"key":"bibr28-0018720818780472","doi-asserted-by":"publisher","DOI":"10.1518\/001872000779697980"},{"key":"bibr29-0018720818780472","doi-asserted-by":"publisher","DOI":"10.1518\/001872097778543886"},{"key":"bibr30-0018720818780472","volume-title":"2016 cost of cyber crime study & the risk of business innovation","author":"Ponemon Institute","year":"2016"},{"key":"bibr31-0018720818780472","volume-title":"Online survey generator","author":"Qualtrics","year":"2015"},{"key":"bibr32-0018720818780472","first-page":"14","volume-title":"Proceedings of the 19th Triennial Congress of the International Ergonomics Association","volume":"9","author":"Sawyer B. D.","year":"2015"},{"key":"bibr33-0018720818780472","doi-asserted-by":"publisher","DOI":"10.1177\/1541931214581369"},{"issue":"2","key":"bibr34-0018720818780472","first-page":"157","volume":"32","author":"Sawyer B. D.","year":"2016","journal-title":"American Intelligence Journal"},{"key":"bibr35-0018720818780472","doi-asserted-by":"publisher","DOI":"10.1080\/00140139.2015.1124928"},{"key":"bibr36-0018720818780472","doi-asserted-by":"publisher","DOI":"10.3758\/BRM.41.3.593"},{"key":"bibr37-0018720818780472","volume-title":"Internet Security Threat Report Volume 22","author":"Symantec","year":"2016"},{"key":"bibr38-0018720818780472","doi-asserted-by":"publisher","DOI":"10.1080\/00140139.2014.921329"},{"key":"bibr39-0018720818780472","first-page":"15","volume-title":"Sustained attention in human performance","author":"Warm J. S.","year":"1984"},{"key":"bibr40-0018720818780472","doi-asserted-by":"publisher","DOI":"10.1518\/001872008X312152"},{"key":"bibr41-0018720818780472","unstructured":"Washington Post. (2017). Why this Google Docs phishing attack is particularly sneaky. Retrieved from https:\/\/www.washingtonpost.com\/news\/the-switch\/wp\/2017\/05\/03\/why-this-google-docs-phishing-attack-is-particularly-sneaky\/"},{"key":"bibr42-0018720818780472","doi-asserted-by":"publisher","DOI":"10.1038\/435439a"},{"key":"bibr43-0018720818780472","doi-asserted-by":"publisher","DOI":"10.1037\/0096-3445.136.4.623"},{"key":"bibr44-0018720818780472","doi-asserted-by":"publisher","DOI":"10.1080\/00140139.2014.956151"}],"container-title":["Human Factors: The Journal of the Human Factors and Ergonomics Society"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.1177\/0018720818780472","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.1177\/0018720818780472","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.1177\/0018720818780472","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,3]],"date-time":"2025-03-03T23:24:03Z","timestamp":1741044243000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.1177\/0018720818780472"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,7,9]]},"references-count":44,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2018,8]]}},"alternative-id":["10.1177\/0018720818780472"],"URL":"https:\/\/doi.org\/10.1177\/0018720818780472","relation":{},"ISSN":["0018-7208","1547-8181"],"issn-type":[{"value":"0018-7208","type":"print"},{"value":"1547-8181","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,7,9]]}}}