COM-B Model for Cybersecurity

The COM-B model by Michie et al. (2011) explores Capability, Motivation, and Opportunity as key factors in behavior change interventions. It relates these components to cybersecurity practices, emphasizing the importance of physical and psychological capability, social and physical opportunities, and conscious and unconscious motivations. The model has been applied in developing theory-based security awareness programs and understanding behaviors like data leak prevention. References highlight its effectiveness in promoting sustainable behavior change in cybersecurity education and training.

• COM-B model
• Cybersecurity
• Behavior change
• Michie et al.
• Capability

jaco_67 Follow

Uploaded on Mar 15, 2025 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

Presentation Transcript

1. COM-B Model (Michie et al. 2011) Capability Motivation Behaviour Opportunity Michie, S., van Stralen, M. M., & West, R. (2011). The behaviour change wheel: A new method for characterising and designing behaviour change interventions. Implementation Science. https://doi.org/10.1186/1748-5908-6-42

2. Components Capability: Physical and psychological capability to carry out the behaviour. Opportunity: The physical and social opportunity to carry out the behaviour. Motivation: Both the conscious and unconscious motivation to perform the behaviour.

3. Capability Physical capability: can you physically perform the behaviour? (Only applicable to some behaviours.) Psychological capability: Having the cognitive skills to perform the behaviour. For instance: being able to recognise a phishing email

4. Opportunity Physical opportunity: situational factor that links to the physical environment. E.g., securing computers by removing unwanted connectors such as USB ports, to reduce malware infection through USB drives. Social opportunity: The effect of views and behaviour of people in your social circle. Do people take cybersecurity seriously? Do they find it relevant and important?

5. Motivation Conscious motivation: Beliefs and intentions. Do people realise the importance of security customer data? Do they intend to check who they are sending confidential information to so they avoid an unwanted data leak? Unconscious motivation: Emotions and habits. Which habits are formed (e.g., locking your screen when leaving your desk), and which emotional responses can influence behaviour?

6. COM-B and cybersecurity Alshaikh et al. (2019) argue for the use of COM-B in developing more theory based security awareness programs. Van der Kleij et al. (2020) found that the COM-B model can explain the data leak prevention behaviour of bank employees, with capability being an important factor. Van der Kleij et al. (2021) found that testing the predictive value of COM-B on citizens cybersecurity behaviour was successful, although opportunity seemed to play a smaller role.

7. References Alshaikh, M., Naseer, H., Ahmad, A., & Maynard, S. B. (2019). Toward sustainable behaviour change: an approach for cyber security education training and awareness. In Proceedings of the 27th European Conference on Information Systems (ECIS), Stockholm & Uppsala, Sweden, June 8-14, 2019. Michie, S., van Stralen, M. M., & West, R. (2011). The behaviour change wheel: A new method for characterising and designing behaviour change interventions. Implementation Science. https://doi.org/10.1186/1748-5908-6-42 van der Kleij, R., Wijn, R., & Hof, T. (2020). An application and empirical test of the Capability Opportunity Motivation-Behaviour model to data leakage prevention in financial organizations. Computers & Security, 97, 101970. van der Kleij, R., van t Hoff-De Goede, S., Weijer, S. V. D., & Leukfeldt, R. (2021). How Safely Do We Behave Online? An Explanatory Study into the Cybersecurity Behaviors of Dutch Citizens. In International Conference on Applied Human Factors and Ergonomics (pp. 238-246). Springer, Cham.