Back to History Current Version

Engaging small business in cyber safe practice

Last registered on October 30, 2019
View Trial History

Pre-Trial

Trial Information

General Information

Title
Engaging small business in cyber safe practice
RCT ID
AEARCTR-0004957
Initial registration date
October 28, 2019

Initial registration date is when the trial was registered.

It corresponds to when the registration was submitted to the Registry to be reviewed for publication.

First published
October 29, 2019, 9:46 AM EDT

First published corresponds to when the trial was first made public on the Registry after being reviewed.

Last updated
October 30, 2019, 1:30 AM EDT

Last updated is the most recent time when changes to the trial's registration were published.

Locations

Country
Australia
Region

Primary Investigator

Name
BETA Team Registration
Affiliation
Behavioural Economics Team of the Australian Government
Contact Primary Investigator

Other Primary Investigator(s)

Additional Trial Information

Status
Completed
Start date
2019-08-26
End date
2019-10-23
Keywords
Crime, Violence, & Conflict
Additional Keywords
Cyber security, cybersecurity, cyber-security, small-to-medium enterprises, SMEs
JEL code(s)
Secondary IDs
Abstract
Small and medium enterprises are at risk of ransomware attacks and phishing attacks on their business IT systems.
Businesses can protect themselves by downloading software updates as soon as they become available, by regularly backing up their data and by avoiding clicking on links to unfamiliar URLs in emails. Many small and medium enterprises are unaware of these simple steps that could help protect their business. The Australian Cyber Security Centre (ACSC) provides advice for small businesses and publishes this on its website www.cyber.gov.au. ACSC is interested in how best to present this information and advice so that it is maximally effective in improving awareness and behavioural change. BETA worked with the ACSC to conduct a trial aimed to test advice on phishing, downloading updates and backing up data. We tested presenting this advice in different formats: including plain text, infographics and an interactive quiz with infographic.
External Link(s)

Registration Citation

Citation
Team Registration, BETA. 2019. "Engaging small business in cyber safe practice." AEA RCT Registry. October 30. https://doi.org/10.1257/rct.4957-1.1
Sponsors & Partners
Experimental Details

Interventions

Intervention(s)
Intervention Start Date
2019-08-26
Intervention End Date
2019-10-23

Primary Outcomes

Primary Outcomes (end points)
Outcome 1 - Phishing test score
Individuals completed a phishing test, where respondents are presented with three emails and decide if they are genuine or fake. The order of emails was randomised. One email was genuine and two were fake.
Outcome measurement: Average number of correct answers.

Outcome 2 and 3 - Self reported outcomes
Individuals were asked about their intentions to update their software and intention to backup their data.
Primary Outcomes (explanation)

Secondary Outcomes

Secondary Outcomes (end points)
Secondary Outcomes (explanation)

Experimental Design

Experimental Design
Four-arm individually randomised survey experiment delivered as part of a survey collecting information on the cyber-security behaviours of small and medium enterprises (SMEs). The survey and experiment were collected through an online survey platform (Qualtrics).
The initial experimental design was piloted and interventions were refined based on this pilot.
Interventions
Control – Respondents proceed directly to the outcome survey without exposure to information/advice.
Plain text – Respondents read three short pieces of information/advice about detecting phishing emails, software updates and backing up data.
Infographic – Same information/advice as above, but presented as an infographic.
Interactive infographic – Quiz style question on each topic, followed by the previous infographic explaining the correct answer.
Experimental Design Details
Randomization Method
Randomised automatically by Qualtrics
Randomization Unit
Individual
Was the treatment clustered?
No

Experiment Characteristics

Sample size: planned number of clusters
1186 individuals
Sample size: planned number of observations
1186
Sample size (or number of clusters) by treatment arms
296 control, 296, plain text, 297 infographic, 297 interactive infographic
Minimum detectable effect size for main outcomes (accounting for sample design and clustering)
Supporting Documents and Materials
IRB

Institutional Review Boards (IRBs)

IRB Name
BETA
IRB Approval Date
2019-06-03
IRB Approval Number
BETA-ETH-2019-001
Analysis Plan

There is information in this trial unavailable to the public. Use the button below to request access.

Request Information

Post-Trial

Post Trial Information

Study Withdrawal

There is information in this trial unavailable to the public. Use the button below to request access.

Request Information

Intervention

Is the intervention completed?
No
Data Collection Complete
Data Publication

Data Publication

Is public data available?
No

Program Files

Program Files
Reports, Papers & Other Materials

Relevant Paper(s)

Reports & Other Materials