The impact of common mental health concerns on experiences of online security: 'being' vs 'feeling' secure

Despite technological security research branching out of its organisational roots, research in this area tends to focus on the 'typical' population of 'users'. This brings about the question of whether there is a difference in the way individuals interact with technology, and hence security, for those who do not fit they 'typical user' role. Further to this, in recent years there has been discussion on how the responsibilisation of cybersecurity advice and action has increased: the responsibility of making sure a device is secure, and that breaches do not occur is increasingly placed on the individual, regardless of their circumstance or ability. For those individuals who do not fall into the 'typical user' usually seen within the literature, this may have severe consequences, which have a reach further than the sole person interaction with the technology. One such group of users are those who are disabled or who have an impairment. This thesis focuses on a subgroup of disability which the literature has yet to explore psychosocial disability, or mental health concerns.

This thesis will begin by considering how disability and security have been research previously, and where the focus has been, through a systematic literature review. Informed by this, another literature review will be undertaken, specifically focussing on how mental health and online security, and been discussed within the literature.

These literature reviews will lay the foundations for two pieces of exploratory work investigating the effects of common mental health concerns on individuals' experiences of being secure online. The first of these pieces of work will be an online survey, to gain a snapshot of perceived threats and risk, as well as experiences of feeling (un)safe online. Due to the changable nature of mental health, the second study will seek to chart potential changes in feelings of safety, through means of a diary study, to provider richer information about how someone's mental health can affect how safe they feel online."

People. The most obvious impact of RHUL's cyber security CDT will be its production of 50 PhD-level graduates during its lifetime. CDT graduates will be "industry-ready": through industry placements, they will have exposure to real-world cyber security problems and working environments; because of the breadth of our training programme, they will gain exposure to cyber security in all its forms; through involvement of our external partners at all stages of the CDT, the students will be exposed to the language and culture of industry, government and other sectors. At the same time, they will benefit from generic skills training, equipping them with a broad set of skills that will be of use in their subsequent workplaces. They will also engage in PhD-level research projects that will lead to them developing deep topic-specific knowledge as well as general analytical skills. There is a growing demand for graduates with these skill-sets. While RHUL already has demonstrably close relationships with key external players, our CDT represents an opportunity for us to enhance our existing links and develop new ones. Moreover, our own research will be strengthened by working with the best external researchers.

Economy. The nature of our cyber security research and the planned industrial involvement in influencing the selection of research topics means that there will be significant commercialisation opportunities arising from the research produced by this CDT. RHUL cyber security researchers have more than 80 years of experience working in industry, either in research, development or customer-facing environments, and are named inventors on more than 30 patents. We are closely supported by the Royal Holloway Enterprise Centre, who have expertise in business development, securing venture capital funding, and IPR protection. RHUL's Institute for Cyber Security Innovation provides business research and training support. We also have an on-campus incubation centre which has hosted a number of spin-out companies. We are thus thoroughly prepared to identify and exploit commercialisation opportunities arising from the CDT.

Knowledge. The CDT will make substantial and original contributions to knowledge in cyber security. Following institutional policy, all research is made available to the public for free in some form, either through open access publishing,the institution's research repository or via subject-specific on-line archives. The research will also published in conference venues which, by their nature, are regularly attended by large numbers of delegates from outside of academia. Other impact routes for our knowledge include Industry Fora (RHUL is an active academic member of the I4 and ISF organisations, which are influential industry fora), Business Events (RHUL researchers regularly speak at events such as InfoSec London, RSA Conference), Standards Bodies (several staff are active in international standards bodies), Consulting (staff have consulted for more than 100 organisations in the last 30 years), Industry-focused Events (RHUL hosts several external facing events each year, including the annual CDT Showcase, HP Colloquium, and ISG Open Day).

Society. One of the longer-term impacts of our research is to provide mechanisms that help to enhance confidence and trust in the on-line society for ordinary citizens, leading in turn to quality of life enhancement. Our work on the socio-technical dimensions of security and privacy gives us a means to influence government policy to the betterment of society at large. We work closely with government departments such as the Cabinet Office to provide advice on privacy, security and design issues. We also communicate research findings through more widely accessible media, press engagement, speaking at public events, and working with schools (CDT students will take part in the annual Smallpeice Trust Cyber Security residential for Year 9 students).