Is Media Multitasking Good for Cybersecurity? Exploring the Relationship Between Media Multitasking and Everyday Cognitive Failures on Self-Reported Risky Cybersecurity Behaviors.

The current study focused on how engaging in media multitasking (MMT) and the experience of everyday cognitive failures impact on the individual's engagement in risky cybersecurity behaviors (RCsB). In total, 144 participants (32 males, 112 females) completed an online survey. The age range for participants was 18 to 43 years (M = 20.63, SD = 4.04). Participants completed three scales which included an inventory of weekly MMT, a measure of everyday cognitive failures, and RCsB. There was a significant difference between heavy media multitaskers (HMM), average media multitaskers (AMM), and light media multitaskers (LMM) in terms of RCsB, with HMM demonstrating more frequent risky behaviors than LMM or AMM. The HMM group also reported more cognitive failures in everyday life than the LMM group. A regression analysis showed that everyday cognitive failures and MMT acted as significant predictors for RCsB. These results expand our current understanding of the relationship between human factors and cybersecurity behaviors, which are useful to inform the design of training and intervention packages to mitigate RCsB.

Introduction

The National Cybersecurity Strategy 2016–2021[1] noted that susceptibility to cybercrime comes from the vulnerability of the victim, rather than being directly related to the ingenuity of the attacker. This report also noted that cybersecurity is not just about technology, but the contribution of human factors to cybersecurity. This point has been echoed by an increase in research exploring the role human factors could have on cybersecurity,[2-4] in particular the link between personality traits and information security.[5-7] Further research has indicated that activities related to the modern digital environment also impact on effective cybersecurity, noting that individuals who exhibit problematic Internet use more frequently engage in risky cybersecurity behaviors (RCsB), such as sharing passwords.[8] It has also been shown that cyberloafing activities (the use of company computer technology for nonwork purposes) can influence an individual's engagement in information security.[9] Exploration of such factors and their impact on cybersecurity are crucial if frameworks designed to mitigate the role of human factors in the cybersecurity are to be developed. A phenomenon of critical interest, given its prevalence in everyday life, is media multitasking (MMT).[10] A key aim of the current study is to explore if frequency of MMT is linked to higher levels of RCsB.

Previous work exploring human factors in the context of cybersecurity has focused on information security behaviors and personality traits. Studies have shown that the traits of agreeableness and conscientiousness were positively associated with good cybersecurity.[11,12] Conscientiousness, agreeableness, emotional stability, and risk taking have previously predicted an individual's capacity to engage in effective information security awareness.[13] Research has also noted that age and gender had no impact on information security awareness,[13] but higher levels of impulsivity have been linked to poorer information security.[14]

Further work has shown the potential for both Internet addiction and cyberloafing to influence aspects of information security, with links to RCsB and information security awareness.[8,9] While cyberloafing behavior typically occurs within the work environment, other activities associated with digital technology are not so context specific. An example of such an activity is that of MMT, which has been shown to have a wide and varied impact on concurrent task performance.[10] Excessive multitasking with smart devices has been found to relate to neglect of social and work-based activities.[15] Thus this study examined the link between MMT and cybersecurity behaviors.

Multitasking as a skill is seen as both desirable and essential for individuals to gain an advantage in both work and leisure.[16] The prevalence of portable Internet capable digital devices provides individuals enumerate possibilities to multitask not only with different applications but also different types of media.[15] MMT is defined as the simultaneous use of two or more types of media or a persistent alternation between media types.[10,17] MMT is a widespread pastime with 29 percent of 8 to 18 year olds regularly undertaking this behavior and 46 percent of participants indicating that they do MMT at least some of the time when using a computer.[18] Other research has noted that age groups ranging from 13 to 65 years old all engaged in more than 1 hour of MMT daily.[19] It should be noted that these figures are at least 5 years old and fail to incorporate recent advances in smart devices and digital technology.

Engaging in high levels of MMT has been linked to poor academic performance, cognitive function, socioeconomic outcomes, and failures of attention in everyday life.[10,20-22] Research has shown that adolescents reporting more frequent MMT also noted more problems with attentional focus and control, inhibiting impulses and inappropriate behaviors and switching between tasks.[23] Having a preference for multitasking and undertaking higher levels of MMT have been associated with self-reported problems with inattention, inhibition, planning and organizing, and task monitoring.[24] Higher levels of MMT have also been associated with more self-reported attentional failures and mind wandering, but not self-reported memory failures.[21] Therefore it appears that there is a link between higher levels of MMT and poorer self-reported cognitive skills.

Laboratory tasks have also shown differences between light media multitaskers (LMM) and heavy media multitaskers (HMM) in their cognitive skills. For example, it has been shown that compared to LMM, HMM have a poorer capacity to ignore task irrelevant information and irrelevant memory representations and have a poorer ability to switch between different tasks.[10] These results have been extended by recent research showing that higher levels of MMT was linked to poorer working memory skills[25] and poorer task engagement.[26]

These behavioral and self-report studies indicate that higher levels of MMT are linked to cognitive limitations. The cybersecurity consequences of this are wide ranging, with the potential for HMM individuals to be more prone to distraction and less likely to identify significant risks in their immediate environment. This could be due to problems with attentional focus, inhibition, memory encoding, and memory retrieval that have been reported in the literature.[10]

The link between frequency of engaging in MMT and cybersecurity has not yet been examined. Higher levels of MMT have already been linked to issues related to attention and awareness within the immediate environment.[21] It has also been linked to a reduced ability to inhibit impulses, inappropriate behaviors, and also to swap between tasks.[23] It could be that those engaged in frequent MMT are less likely to acknowledge risks or be aware of risk in their online digital behaviors. Therefore the present study examines the relationship between MMT and potentially risky information security behaviors. In addition, the research also aims to quantify the relationship between attentional failures, MMT, and the capacity to engage in RCsB.[21,26] By highlighting how individual differences impact on the cybersecurity posture of individuals, more robust and effective mitigation techniques can be developed to aid cyber inoculation.

Method

Participants

One hundred and forty-four participants (32 males, 112 females) aged between 18 and 43 years (M = 20.63, SD = 4.04) completed the study. Participants were Undergraduate students at De Montfort University recruited through a research participation pool and received course credits for taking part in the study.

In the current study participants were classified as LMM, average media multitasker (AMM), or HMM using scores from the media multitasking inventory (MMI) based on the method outlined in.[27] Forty-eight participants with the lowest MMI scores (≤3.44) were classified as LMM; 49 participants with the highest MMI scores (≥5.16) were classified as HMM. The remaining 47 participants (MMI scores between 3.48 and 5.15) were classified as AMM. This classification procedure of splitting the sample into tertiles avoids the limitations of an extreme group approach (e.g., exclusion of relevant data), ensured approximately equal numbers of participants in the three groups, and provided sufficient statistical power for the analysis.[27] A one-way between-subjects analysis of variance (ANOVA) confirmed that MMI scores were significantly different across the three groups [F(2, 141) = 389.517, p < 0.001, ηp2 = 0.847]. MMI scores were higher for the HMM (M = 6.39, SD = 0.84) than the AMM (M = 4.30, SD = 0.54) and lowest for the LMM (M = 2.42, SD = 0.68) (all ps < 0.001).

Measures

Media multitasking inventory

This study used the MMI which asks participants for the number of hours per week spent using each medium (watching TV, listening to nonmusical audio, listening to music, watching computer videos, text messaging, instant messing through Internet, playing video games, surfing the web, e-mailing, computer based applications, reading print, and talking on the telephone). For each medium, participants rated how often they used the other media simultaneously [Never (0), Some of the time (0.33), A little of the time (0.67), and Most of the time (1)].[10] For each participant, MMI scores were calculated using the formula outlined in the original study.[10] This involves summing the responses for the amount of concurrent media use for each primary media, which is multiplied by the number of hours of using that media and divided by the total hours of all media use. The MMI score is the sum of these individual primary media indexes and it indicates the average amount of MMT per hour of media usage. MMI scores were used as a continuous variable in the correlation and regression analyses. For the between-group analysis, participants were classified into MMT groups based on their MMI scores as outlined above.

Cognitive Failures Questionnaire in daily life

The cognitive failures questionnaire (CFQ) assesses lapses in cognition within the areas of perception, memory, and motor function during the last 6 months.[28] Participants respond to the 25 items (e.g., Do you drop things?) using a 5-point scale from never (0) to very often (4). Scores on the CFQ range between 0 and 100, and higher scores represent more cognitive failures. Item scores were summed to provide CFQ total scores for each participant.

Researchers have noted that the CFQ comprises of several factors.[29-33] However, there is little agreement between researchers as to the number of factors within the CFQ. For example, some researchers have reported the CFQ to have two factors,[34] three factors,[31] four factors,[32,33] or five factors.[29,30] Given that this research sought to examine the relationship among MMT, RCsB, and everyday cognitive failures, the total CFQ score was used as the dependent variable for this measure. A Cronbach's alpha of 0.911 for the 25-item scale was obtained for CFQ in this study.

RCsB scale

Developed in conjunction with law enforcement and digital forensic specialists, the initial RCsB scale included 15 items asking the participant to rate (0 = Never to 5 = Always) how often they had engaged in that behavior in the preceding 6 months. Items included “Sharing passwords with friends and colleagues,” “Using the same password for multiple Web sites,” and “Using an online storage system to exchange and keep personal or sensitive information.” Possible scores in the RCsB range from 0 to 75 (sum of item scores), with higher scores indicative of engaging in a greater number of RCsB. An overall Cronbach's alpha of 0.59 was obtained for the 15-item scale used in this study. Four items were removed due to poor inter-item reliability, resulting in a final 11-item scale with a Cronbach's alpha of 0.73. RCsB scores were based on the sum of scores for these 11 items.

Procedure

The questionnaires were distributed to participants through an online survey. Participants were invited to take part in the noncompulsory survey, given a brief introductory statement about the nature of the study and told that they could withdraw their participation at any point during the data collection. Upon completion of the survey participants were thanked for their time and debriefed about the study aims.

Results

An overall alpha level of 0.05 was used for the main statistical analyses. Where post hoc followup comparisons were used a Bonferroni adjusted alpha was used to control for Type 1 error. Unless noted all assumptions of data analysis methods were met.

Comparison of the MMT groups on RCsB scores

A one-way between-subjects ANOVA revealed a significant difference in RCsB scores between MMT groups, F(1, 141) = 7.71, p = 0.001, ηp2 = 0.099. Post hoc comparisons revealed significantly higher RCsB scores for the HMM (M = 29.18, SD = 7.37) compared to the LMM (M = 24.83, SD = 5.13), (p = 0.002) and for the HMM compared to the AMM (M = 25.00, SD = 5.80), (p = 0.004). There was no difference between LMM and AMM in their RCsB scores (p > 0.05).

Comparison of the MMT groups on the CFQ

A one-way ANOVA revealed a significant difference between MMT groups on their CFQ total scores, F(2, 141) = 3.57, p = 0.031, ηp2 = 0.048. There were significantly more cognitive failures for the HMM (M = 51.45, SD = 14.76) compared to the LMM (M = 44.44, SD = 14.01) (p = 0.046). There was no difference between the LMM and AMM (M = 45.36, SD = 13.31) or AMM and HMM in their CFQ scores (all ps > 0.05).

Relationship between MMI score cognitive failures and RCsB

Bivariate correlations revealed that the MMI scores were positively related to RCsB scores (r = 0.321, p < 0.001) and the CFQ total score (r = 0.241, p < 0.001). RCsB scores were positively related to CFQ scores (r = 0.389, p < 0.001).

A simultaneous regression analysis was conducted to explore the relationship between the predictor variables of the CFQ[27] and the MMI[10] scores and the outcome variable RCsB. CFQ and MMI scores were significant positive predictors, F(2, 141) = 18.294, p < 0.001, R2 = 0.206, R2Adjusted = 0.195, accounting for 19.5 percent of variance in RCsB scores. Full details are included in Table 1.

1.

Linear Regression Model for Media Multitasking Inventory and Cognitive Failures Questionnaire Scores as Predictors of Risky Cybersecurity Behaviors

	B	SE B	β	p
Constant	15.469	1.864
CFQ	0.150	0.035	0.331	<0.001
MMI	0.878	0.281	0.241	0.002

CFQ, Cognitive Failures Questionnaire; MMI, media multitasking inventory.

Discussion

This study explored how self-reported MMT influenced the frequency with which participants engaged in RCsB. A secondary aim was to explore how cognitive failures were associated with MMT and the potential for RCsB. The findings of the current study in relation to these key aims will now be discussed.

Differences between MMT groups and RCsB

Individuals who scored higher on the MMI also had higher RCsB scores, this being the first time that MMT has been linked to cybersecurity. This novel finding shows that everyday modern digital technology and media use can be related to an individual's cybersecurity posture. The actual reasons for such behaviors are most likely very complex and not attributable to one factor. Previous research has noted that those individuals who engaged in higher levels of MMT were more susceptible to irrelevant environment stimuli and therefore more distracted.[10] This finding has been replicated by other researchers.[35,36] The link between attention and MMT has also been examined in other research (e.g., Ref.[21,37-39]) with MMT being positively correlated with more attentional failures and higher levels of mind wandering.[39] These differences in MMT's capacity to attend to and be aware of environmental events have obvious links to cybersecurity and engaging in risky behaviors online, where distraction could result in the failure to recognize risks in the online environment.

Higher levels of MMT could also be associated with the Fear of Missing Out (FoMO; the pervasive fear that an individual is missing out on something because they are not online and digitally connected).[40] While at this time, the link between MMT and FoMO has not been explored, a link between these concepts is highly likely. An individual who has FoMO could be engaging in MMT to ensure that they are not missing out on critical social experiences. To stay online and to engage with social media the individual might bypass security protocols, circumvent antivirus, and use free-to-access WiFi, all of which increase their susceptibility to cybercrime.[8,9] The potential link between MMT and FoMO provides another pathway for exploring additional aspects of human factors, which could interfere with effective cybersecurity.

Higher levels of MMT have also been associated with greater levels of impulsivity,[17] and higher trait levels of impulsivity have been linked to poorer attitudes to cybersecurity and being more likely to engage in RCsB.[7,8] Given the common link between impulsivity and MMT and adherence to cybersecurity behaviors, this could be a key reason why those individuals who exhibit higher levels of MMT are also more risk prone in relation to cybersecurity. Those who are quick to act have limited time for reflection and are prone to distraction by multiple streams of information thereby paying less attention to the risks posed by poor cyber inoculation.

Examining the relationship among MMI, CFQ, and RCsB scores

Although previous research failed to find any significant correlation between MMT and self-reported memory failures, the current research showed a significant positive correlation between MMI scores and the CFQ scale.[39] While the reason for these different results is currently unclear, it could be that the CFQ is perhaps a more sensitive measure than the one used by other researchers. However such a discrepancy does highlight the need for more work to be conducted in this area.

Interestingly, those who reported more cognitive errors in everyday life had a higher frequency of engaging in RCsB. Perhaps those people who experience more cognitive failures (e.g., issues with memory or being more distracted) forget to adhere to cyber safety protocols or are less likely to remember to update operating systems and antivirus software. Thus it is logical that there is a link between MMT, everyday cognitive failures, and greater incidence of RCsB.

One limitation of this study is the use of self-reported data to explore RCsB. Even though the scale presented to participants does not directly indicate that particular behaviors are potentially riskier than others, some participants may have assumed the ‘best practice’ approach when considering options surrounding password sharing and construction. Therefore the actual frequency individuals engage in RCsB could be higher than self-reported. A suggestion for further research in this area is the development of a more accurate measure of behaviors that impact cybersecurity stance of the individual.

The participants in the current study were undergraduate students, which in turn limits the generalizability of the findings from the current study to wider populations. Although this might be seen as a limitation, it can also be seen as a focus on an at-risk population. For example, it has been noted that such a population represents a group that is most at risk of being victims of cybercrime.[41] Further research is warranted to explore how the results reported in this study compare to a sample from a wider and more varied population.

Conclusion

This study showed that individuals who engaged in more frequent MMT reported more everyday cognitive failures and reported a higher frequency of engaging in RCsB. The study presents one potential artifact of modern daily life that could impact on an individual's capacity to engage in effective cybersecurity behaviors. From this regard, it is imperative that more empirical work is conducted to examine how other phenomena related to the use of digital technology could also have impact on the frequency individuals engage in RCsB. Previous research has already noted that Internet addiction and aspects of cyberloafing (the use of work-based information technology for nonwork personal purposes) have a detrimental impact on individual adherence to information security.[9] Other potential factors highlighted as relevant for further research include phenomenon such as FoMO, with the potential link between MMT and RCsB being as yet unknown. This research highlights the need to explore key human factors when examining engagement in positive cybersecurity behaviors. This research could inform security professionals as they examine the cybersecurity posture of a particular population and their potential susceptibility to cybercrime.