x

We are happy to announce that all trial registrations will now be issued DOIs (digital object identifiers). For more information, see here.
Engaging small business in cyber safe practice
Last registered on November 19, 2019

Pre-Trial

Trial Information
General Information
Title
Engaging small business in cyber safe practice
RCT ID
AEARCTR-0004957
Initial registration date
October 28, 2019
Last updated
November 19, 2019 7:16 PM EST
Location(s)
Region
Primary Investigator
Affiliation
Behavioural Economics Team of the Australian Government
Other Primary Investigator(s)
PI Affiliation
Additional Trial Information
Status
Completed
Start date
2019-08-26
End date
2019-10-23
Secondary IDs
Abstract
Small and medium enterprises are at risk of ransomware attacks and phishing attacks on their business IT systems.
Businesses can protect themselves by downloading software updates as soon as they become available, by regularly backing up their data and by avoiding clicking on links to unfamiliar URLs in emails. Many small and medium enterprises are unaware of these simple steps that could help protect their business. The Australian Cyber Security Centre (ACSC) provides advice for small businesses and publishes this on its website www.cyber.gov.au. ACSC is interested in how best to present this information and advice so that it is maximally effective in improving awareness and behavioural change. BETA worked with the ACSC to conduct a trial aimed to test advice on phishing, downloading updates and backing up data. We tested presenting this advice in different formats: including plain text, infographics and an interactive quiz with infographic.
External Link(s)
Registration Citation
Citation
Greenwell, Harry and BETA Team Registration. 2019. "Engaging small business in cyber safe practice." AEA RCT Registry. November 19. https://doi.org/10.1257/rct.4957-1.2.
Experimental Details
Interventions
Intervention(s)
Intervention Start Date
2019-08-26
Intervention End Date
2019-10-23
Primary Outcomes
Primary Outcomes (end points)
Outcome 1 - Phishing test score
Individuals completed a phishing test, where respondents are presented with three emails and decide if they are genuine or fake. The order of emails was randomised. One email was genuine and two were fake.
Outcome measurement: Average number of correct answers.

Outcome 2 and 3 - Self reported outcomes
Individuals were asked about their intentions to update their software and intention to backup their data.
Primary Outcomes (explanation)
Secondary Outcomes
Secondary Outcomes (end points)
Secondary Outcomes (explanation)
Experimental Design
Experimental Design
Four-arm individually randomised survey experiment delivered as part of a survey collecting information on the cyber-security behaviours of small and medium enterprises (SMEs). The survey and experiment were collected through an online survey platform (Qualtrics).
The initial experimental design was piloted and interventions were refined based on this pilot.
Interventions
Control – Respondents proceed directly to the outcome survey without exposure to information/advice.
Plain text – Respondents read three short pieces of information/advice about detecting phishing emails, software updates and backing up data.
Infographic – Same information/advice as above, but presented as an infographic.
Interactive infographic – Quiz style question on each topic, followed by the previous infographic explaining the correct answer.
Experimental Design Details
Randomization Method
Randomised automatically by Qualtrics
Randomization Unit
Individual
Was the treatment clustered?
No
Experiment Characteristics
Sample size: planned number of clusters
1186 individuals
Sample size: planned number of observations
1186
Sample size (or number of clusters) by treatment arms
296 control, 296, plain text, 297 infographic, 297 interactive infographic
Minimum detectable effect size for main outcomes (accounting for sample design and clustering)
IRB
INSTITUTIONAL REVIEW BOARDS (IRBs)
IRB Name
BETA
IRB Approval Date
2019-06-03
IRB Approval Number
BETA-ETH-2019-001
Analysis Plan

There are documents in this trial unavailable to the public. Use the button below to request access to this information.

Request Information
Post-Trial
Post Trial Information
Study Withdrawal
Intervention
Is the intervention completed?
No
Is data collection complete?
Data Publication
Data Publication
Is public data available?
No
Program Files
Program Files
Reports and Papers
Preliminary Reports
Relevant Papers