Nicole Braun, who will be graduating in May with a PhD in Information Systems, set out to understand why many home users do not adequately protect themselves online, despite extensive media coverage about the risks.
"At home there's no punishment for not taking measures to protect yourself so it really comes down to individual initiative," she says.
"I was surprised that so many people said they were too lazy to deal with the issue, although I suspect sometimes this was to conceal a lack of knowledge, as people prefer to be seen as lazy rather than incompetent. But others simply weren't concerned about their own cybersecurity."
Nicole found that people's confidence levels determine how they act. "Some people are blindly trusting of every website they come across, without considering that legitimate websites can get hacked, so don't feel the need to take preventative measures.
"Then there are the people who think they will be safe from all harm as long as they use anti-virus software. However, we're seeing more and more that just using anti-virus software isn't enough."
People's previous experience was found to impact on how confident they felt in their ability to protect themselves. For instance, people who had experienced a virus on their computer that had either made them lose data or money from credit card fraud were more confident if they had managed to solve the problem.
"On the other hand, people who'd never experienced any issues often had the attitude that if it hadn't happened to them there was nothing to worry about."
Reliance on others was also found to be common, particularly women who relied on their husbands to protect them, or older users who were reliant on their children. "It takes time to find out what steps can be taken to protect yourself, so many of these people were happy to leave the problem in someone else's hands."
In her research, Nicole identified five animals that characterise the most typical security users, and suggests the best way of reaching each group. They are the: mouse (timid, low confidence), ostrich (low awareness, ignores the risks), coyote (knowledgeable but willing to take risks if the payoff is there), dark horse (good at protecting their security but lack confidence) and cockerel (proud of their security knowledge).
"My research made it clear that creating a 'one size fits all' security message isn't effective, as you are dealing with such a range of personality types. I'd like to see more tailored messages getting out there."
Explore further: What you need to know about the Heartbleed bug