Cybersecurity & Privacy

Brief description

We view cybersecurity and privacy as fundamental prerequisites and powerful enablers of a successful and sustainable digital transformation. Adopting a socio-technical perspective, we investigate challenges such as cybersecurity and privacy risks, as well as specific incidents, through the interplay of technologies, people, and institutional contexts. In our research, we explicitly recognize individual and organizational behaviors as critical factors shaping both adversarial cyber phenomena and desired security outcomes. We aim to advance rigorous, high-quality research while also providing actionable insights and practical recommendations for policymakers, organizational leaders, and private individuals.

Cybersecurity & Privacy
Cybersecurity & Privacy
  • Ideographic cybersecurity research: How can an idiographic approach help validate widely used theories in behavioral cybersecurity research that imply within-person patterns over time?
  • Incident reporting behavior: How do utilitarian vs. hedonic factors influence employees’ intention to use cyber incident reporting tools?
  • Security Culture: How does disruptive change affect organizations’ information security culture?
  • Phishing: How does current research on user-oriented phishing interventions tackle the aim of guiding users towards secure online behavior?
  • Motives and consequences of doxing: What are the reasons individuals are doxed, by whom, and how do incidents unfold?
  • Online platforms’ roles in doxing: How do online platforms facilitate the sociotechnical actor-networks that produce and sustain doxing incidents?
  • ATHENE Project PriVis: Visualization-based Technologies as Enablers for Privacy Sovereignty Online PriVis
  • Cram, W. A., D’Arcy, J., & Benlian, A. (2024). Time will tell: The case for an idiographic approach to behavioral cybersecurity research. MIS Quarterly, 48(1), 95–136. https://doi.org/10.25300/MISQ/2023/17707
  • Cram, W. A., D’Arcy, J., & Benlian, A. (2026). Now and later? Comparing a nomothetic and idiographic analysis of cybersecurity fatigue. Proceedings of the 59th Hawaii International Conference on System Sciences (HICSS 2026), 4598–4607. https://hdl.handle.net/10125/111947
  • Franz, A. (2022). Why do employees report cyber threats? Comparing utilitarian and hedonic motivations to use incident reporting tools. Proceedings of the 43rd International Conference on Information Systems (ICIS 2022). https://aisel.aisnet.org/icis2022/security/security/13
  • Franz, A., & Benlian, A. (2020). Spear phishing 2.0: How automated attacks present organizations with new challenges. HMD – Praxis der Wirtschaftsinformatik, 57(4), 597–612. https://doi.org/10.1365/s40702-020-00613-y
  • Franz, A., & Benlian, A. (2022). Exploring interdependent privacy: Empirical insights into users’ protection of others’ privacy on online platforms. Electronic Markets, 32(4), 2293–2309. https://doi.org/10.1007/s12525-022-00566-8
  • Franz, A., & Croitor, E. (2021). Who bites the hook? Investigating employees’ susceptibility to phishing: A randomized field experiment. Proceedings of the 29th European Conference on Information Systems (ECIS 2021). https://aisel.aisnet.org/ecis2021_rp/125
  • Franz, A., & Thatcher, J. B. (2023). Doxing and doxees: A qualitative analysis of victim experiences and responses. Proceedings of the 31st European Conference on Information Systems (ECIS 2023). https://aisel.aisnet.org/ecis2023_rp/397
  • Franz, A., & Wahl, N. (2021). Facing challenges can make you stronger: How global disruptive change affects organizations’ information security culture. Proceedings of the 29th European Conference on Information Systems (ECIS 2021). https://aisel.aisnet.org/ecis2021_rp/90
  • Franz, A., Zimmermann, V., Albrecht, G., Hartwig, K., Reuter, C., Benlian, A., & Vogt, J. (2021). SoK: Still plenty of phish in the sea—A taxonomy of user-oriented phishing interventions and avenues for future research. Proceedings of the 17th Symposium on Usable Privacy and Security (SOUPS 2021), 339–356. https://www.usenix.org/conference/soups2021/presentation/franz
  • Schuster, J., Franz, A., & Benlian, A. (2024). What makes doxing good or bad? Exploring bystanders’ appraisal and responses to the malicious disclosure of personal information. Proceedings of the 57th Hawaii International Conference on System Sciences (HICSS 2024), 116–125. https://hdl.handle.net/10125/106390
  • Stäcker, D., Franz, A., & Hett, J. (2025). Opening Pandora’s dox: Investigating dynamics among doxing actors within online environments. Proceedings of the 33rd European Conference on Information Systems (ECIS 2025). https://aisel.aisnet.org/ecis2025/ethical/6
  • Stäcker, D., & Saha, R. P. (2025). The role of online platforms in doxing: An actor-network theory perspective. Proceedings of the 46th International Conference on Information Systems (ICIS 2025). https://aisel.aisnet.org/icis2025/ethical_is/ethical_is/3
  • Stäcker, D., Saha, R. P. & Benlian, A. (2026). Deepfakes as a New Cyber Threat: Risks and Defense Strategies for Organizations. HMD Praxis der Wirtschaftsinformatik. https://doi.org/10.1365/s40702-026-01251-6