National Cyber Resilience Baselining

The APWG is working with research centers in Australia, and the United States to deploy the world’s first national base-lining survey of user resilience to the common cybercrime of phishing to gain insights into behavioral aspects of phishing – and to establish data corpora for university and industry investigators researching the behavioral/cognitive dimensions of cybercrime.

Principle investigators from La Trobe University and Indiana University are organizing this program to engage user behaviour in cyber security as a public health problem, adapting techniques from epidemiology to generate data that is representative of the whole population – not a biased sub-sample. The data generated from this study will help to extend the field, but more importantly, will be shared with system designers to help build more secure tools and better incident response capability.

This study will extend an existing instrument developed at Indiana University that measures responses to simulated phishing attacks, and deliver it to a target 9,798 randomly sampled users nationally (approximately 0.2% of the population). This sample size has been selected because it is the minimum sample size required to achieve a Confidence Level of 0.99, with a Confidence Interval of 0.5, given a population of 24,511,800 in Australia.

The organization of survey assets established in the Australian program will be the first of many national baselining surveys that APWG is working to organize worldwide to achieve the deepest resolution possible of those mal-informed moments of decision that make phishing so enduringly successful and profitable for attackers.

APWG was spurred to advocacy by encountering a narrowly focused phishing resilience protocol developed by Dr. Bennett Bertenthal at Indiana University that had been successfully deployed in a number of experiments that were published in research papers accepted at a number of leading journals.

APWG is promoting these national surveys to gauge user resilience to the common cybercrime of phishing – and to measure the ambient cyber resilience of countries by conducting the survey with large-scale samples of users. The test protocol being developed by Indiana University, for example, contains more than twenty examples of possible phishing web pages.

Program Principals
APWG Applied Research

The Indiana University Protocol

The subjects fill in a short profile about their base demographics, their tech-related experience and expertise in ICT. The subjects are shown the websites, some of which are genuine and some of which are counterfeit. The subject has limited time to make their decision. The shorter the time span in which they make correct decisions the more bonus pay they recieve. The testing software also records mouse movement to observe parts of the decision-making process exhibited by the subject that are important for indicating user interrogations of page-borne clues of authenticity or bogosity.

The survey can be deployed at scale over time for different longitudinal analyses for many kinds of applications, such as confirm or refute that awareness campaigns do what their advocates hope that they do: positively influence user behavior in engagement of commonly experienced ICT-mediated threats.

APWG’s longer-range plan is to get as many countries as we can to complete a census-curve sampling to start that process of efficacy testing – and to inspire researchers to do different kinds of meta analyses with the resulting data.

APWG and its research correspondents have been discussing development of the survey instrument for deployment in Argentina, Australia, Canada, Portugal, Latvia, Spain, Ireland, Scotland and Switzerland.

Rationale For This Survey Program Is Manifold: 

  • Examination of ICT users’ engagement of common cybercrime risks allows a more comprehensive appreciation of the nature of cybercrime
  • Scaled for broad national baselining surveys, such surveys would allow policy makers to engage the human dimensions of cybercrime – with data
  • Researchers are moving forward with such protocol designs and likely will continue as new data is produced that inspire new investigations
  • Essential decision-event data will focus investigations and inspire key questions about the event cascade that so predictably assists cyber gangs in the completion of their crimes

Watch Dr. Watters discuss the program at the Symposium on eCrime Research 2019 and download the presentation at

What Utility Do These Kinds of Metrics Offer?

  • Identifying user decision-making weaknesses
  • Upgrading user behaviors that consistently assist criminals
  • Identifying UI/UX architectures that demonstrably assist cybercriminals in development of electronic deceptions
  • Pressing cases for remediation of UI/UX architectures that are demonstrably useful to cybercriminals

APWG will serve as data curator and, as ever, muster catalyst. Toward the first imperative APWG will collect the results of the national baselining surveys and mount the depersonalized and anonymized data on its servers and offer them to qualified researchers with an interest in the behavioral dimensions of cybercrime.