Availability heuristic: The tendency of an individual relies on immediate examples that come to a given person’s mind when evaluating a specific topic, concept, method or decision.¹

Awareness: Focuses attention on security.²

Business email compromise (BEC): A form of phishing attack where a criminal attempts to trick a senior executive (or budget holder) into transferring funds, or revealing sensitive information.³

Choice architecture: Organizing the context in which people make decisions.⁴

Cognitive dissonance: Cognitive dissonance is a term for the state of discomfort felt when two or more modes of thought contradict each other. The clashing cognitions may include ideas, beliefs, or the knowledge that one has behaved in a certain way.⁵

Cybersecurity: 1. ‘Cyberspace security’; preservation of confidentiality, integrity and availability of information in the Cyberspace.^6,7 2. The state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this.⁸

Cybersecurity awareness: Focusing individuals’ attention on protecting against the criminal or unauthorised use of electronic data, so that they can respond accordingly.⁹

Cyberspace: Complex environment resulting from the interaction of people, software and services on the Internet by means of technology devices and networks connected to it, which does not exist in any physical form.¹⁰

Double-blind experiment: An experiment in which neither the participant nor the person gathering the dependent variable data knows which group the participant is in.¹¹

Dunning–Kruger effect: People tend to hold overly favourable views of their abilities in many social and intellectual domains.¹²

Gamification: The practice of making activities more like games in order to make them more interesting or enjoyable.¹³

HARK(ing): Presenting a post hoc hypothesis in the introduction of a research report as if it were an a priori hypothesis.¹⁴

Hawthorne effect: The phenomenon that employees perform better when they feel singled out for attention or feel that management is concerned about their welfare.¹⁵

Heuristic: A mental shortcut that allows an individual to make a decision, pass judgment, or solve a problem quickly and with minimal mental effort.¹⁶

Norm: An accepted standard or a way of behaving or doing things that most people agree with.¹⁷

Normalcy bias: The tendency of an individual to disbelieve or minimize threat warnings.¹⁸

Nudge: An aspect of the choice architecture that alters people’s behaviour in a predictable way without forbidding any options or significantly changing their economic incentives.¹⁹

Null hypothesis: The statement postulating an experiment will find no variations between the control and experimental states, which is, no union between variants. Statistical tests are rendered to experimental outcomes in effort to disprove or refute the previously established significance level.²⁰

Operant conditioning: A method of learning where the consequences of a response determine the probability of the response being repeated.²¹

Pedagogy: The study of the methods and activities of teaching.²²

Phishing: Fraudulent process of attempting to acquire private or confidential information by masquerading as a trustworthy entity in an electronic communication.²³

Planned behaviour theory: Predict an individual’s intention to engage in a behaviour at a specific time and place. The theory was intended to explain all behaviours over which people have the ability to exert self-control.²⁴

Protection motivation theory: Describes how individuals are motivated to react in a self-protective way towards a health threat. It has four key elements: ‘threat appraisal’, followed by ‘coping appraisal’, which comprises ‘response efficacy’ – the belief that certain processes will mitigate the threat – and ‘self-efficacy’, an individual’s idea of their own ability to implement the required actions to mitigate the threat.²⁵

Ransomware: A type of malware (like Viruses, Trojans, etc.) that infect the computer systems of users and manipulates the infected system in a way, that the victim cannot (partially or fully) use it and the data stored on it. The victim usually shortly after receives a blackmail note by pop-up, pressing the victim to pay a ransom (hence the name) to regain full access to system and files.²⁶

Salience (or saliency) bias: The tendency of an individual to focus on items or information that are more noteworthy while ignoring those that do not grab our attention.²⁷

Self-efficacy (theory): The belief in one’s capabilities to organize and execute the courses of action required to manage prospective situations.²⁸

Social proof: The phenomenon of people modelling their behaviour based on how they see others behave.²⁹

Spear phishing: Spear phishing is a more sophisticated and elaborate version of phishing. It targets specific organisations or individuals, and seeks unauthorized access to confidential data. Just like in standard phishing, spear phishing attacks impersonate trusted sources. Moreover the attacks are personalised, and tactics such as sender impersonation are used.³⁰

Training: Produces relevant and needed security skills and competencies by practitioners of functional specialties.³¹

Two-factor authentication: Two-step verification (sometimes called two-factor authentication or 2FA) is a more secure solution than just passwords. It works by requiring two different methods to authenticate yourself.³²