Do Warning Message Design Recommendations Address Why Non-Experts Do Not Protect Themselves from Cybersecurity Threats? A Review

We aimed to understand whether warning message design recommendations address the reasons why non-experts choose to not protect themselves from cybersecurity threats. Toward that end, we synthesized literature to investigate why non-experts choose to not protect themselves, and catalog design recommendations aimed at influencing how non-experts think about threats. We then evaluated whether those recommendations addressed non-experts' reasons. We are the first to synthesize and compare these important literatures. Our results revealed that current recommendations do not adequately address many of non-experts' reasons for not protecting themselves. Therefore, implementing those recommendations probably will not convince those non-experts to protect themselves, which may partially explain why warning messages that implement current recommendations improve user compliance but to levels that are still lower than desired. Our results also highlight the need for future research that could lead to new warning message design recommendations that better address non-experts' reasons for not protecting themselves.