Every day, we make hundreds – possibly thousands – of choices. Most are minor and automatic: coffee or tea, trainers or shoes, check that message now or later.
But when it comes to cyber security, some of our choices have consequences we don’t immediately see.
At Psybersafe, we're fascinated by the science of decision-making, because if we understand the reasons and ways that people make choices, we can help them choose safer behaviours as a matter of course.
Here’s how behavioural science explains our decision-making—and how we use that insight at Psybersafe to design training that sticks.
1. Choice overload: when more means less
We like options – until there are too many. In a classic study by Iyengar and Lepper (2000), shoppers presented with 24 types of jam were ten times less likely to buy than those shown just six. Turns out, too much choice can freeze us in our tracks.
Now imagine you've downloaded a new app, and you’re faced with those endless privacy setting statements or security tools. Most people won’t analyse, or even read, every option – they’ll either choose the most familiar, or just stick with the default, secure or not.
How we handle this: We keep things simple. Psybersafe focuses on one behaviour at a time, guided by story and character, helping users make clearer, better decisions without the overwhelm.
2. Defaults: the invisible decision
We're naturally lazy. (No judgement there – we all are.) So, we tend to stick with whatever's already chosen for us. That’s why countries with opt-out organ donation systems see far more donors than those with opt-in setups (Johnson & Goldstein, 2003).
In cyber security, it’s no different. If a secure setting is the default, most users won’t change it. If an insecure one is the default, most won’t change that either.
How we handle this: We encourage secure defaults and frame them as the easiest route. And we help you understand how to set defaults that protect you.
3. Decision fatigue: too tired to care
Ever found yourself clicking ‘accept’ on something without reading it, just because your brain’s fried? That’s decision fatigue. A 2011 study found that judges made more lenient decisions earlier in the day (Danziger, Levav & Avnaim-Pesso, 2011). We're all a bit more reckless when we’re tired.
So, when you’re juggling back-to-back meetings and wading through inbox overload, you’re less likely to notice something suspicious, or to question a sketchy-looking link.
How we handle this: Psybersafe lessons are short, focused, and spaced out to avoid overload. The storytelling format helps people stay engaged, even if they’re running on empty.
4. Social norms: what everyone else is doing
We take cues from others. A hotel study showed that telling guests: ‘most people reuse their towels’ worked better than appeals to save the planet (Goldstein, Cialdini & Griskevicius, 2008). Peer behaviour influences us more than we'd like to admit.
If people believe their colleagues are taking cyber security seriously, they’re more likely to follow suit.
How we handle this: Our examples are real, relatable characters who reflect common behaviour – both good and bad – so you see what others like you are doing. This helps you to make better decisions yourself.
5. Friction and prompts: the good, the bad, and the sludge
A bit of friction, like a moment’s pause, can help us avoid a mistake. Too much friction, though, becomes sludge: the annoying, unnecessary stuff that slows us down. Thaler and Sunstein’s Nudge (2008) championed the helpful kind. Later, Thaler coined sludge (2018) to describe the harmful variety.
Take two-factor authentication: a simple reminder can help, but if setup takes ten steps and is full of tech jargon, most users won’t bother.
How we handle this: We build in helpful nudges and remove unhelpful friction. Clear prompts. Simple steps. Less sludge.
Why does this matter?
It matters because people don’t make decisions like robots. But cyber security training or processes often assume they do. By understanding the real science behind how choices work, we make it easier for people to pick the safe option, without even realising they’ve done it.
People don’t always decide based on logic. We decide based on context, habits, mental energy, and what others are doing.
At Psybersafe, we don’t just teach people what to do, we help them want to do it. That’s behavioural science in action. If you want to make the easy choice for your cyber security training, contact us today.
References:
- Iyengar, S. S., & Lepper, M. R. (2000). When choice is demotivating: Can one desire too much of a good thing? Journal of Personality and Social Psychology, 79(6), 995–1006.
- Johnson, E. J., & Goldstein, D. (2003). Do defaults save lives? Science, 302(5649), 1338–1339.
- Danziger, S., Levav, J., & Avnaim-Pesso, L. (2011). Extraneous factors in judicial decisions. Proceedings of the National Academy of Sciences, 108(17), 6889–6892.
- Goldstein, N. J., Cialdini, R. B., & Griskevicius, V. (2008). A room with a viewpoint: Using social norms to motivate environmental conservation in hotels. Journal of Consumer Research, 35(3), 472–482.
- Thaler, R. H., & Sunstein, C. R. (2008). Nudge: Improving decisions about health, wealth, and happiness. Yale University Press.
- Thaler, R. H. (2018). Sludge: What Stops Us from Getting Things Done—and What to Do About It. Behavioural Science & Policy Association.
At Psybersafe, we make it easy: short, fun monthly episodes that help your team build stronger habits without even breaking a sweat. If you want to come back from holiday to good news (and not a cyber mess), drop us a line.
We love behavioural science. We’ve studied it and we know it works. If you want to know more about the science of persuasion and influence, and behavioural science in general, have a look at our sister site https://influenceinaction.co.uk/
Mark Brown is a behavioural science expert with significant experience in inspiring organisational and culture change that lasts. If you’d like to chat about using Psybersafe in your business to help you stay cyber secure, contact Mark today.