An assessment of people's vulnerabilities in relation to personal and sensitive data

Document Type

Conference Proceeding


University of Plymouth


Computing, Health and Science


Computer and Security Science, Centre for Security Research




Originally published as: Sanders, B. G., Dowland, P. S., & Furnell, S. (2009). An Assessment of People’s Vulnerabilities in Relation to Personal and Sensitive Data. Advances in Communications, Computing, Networks and Security: Proceedings of the MSc/MRes programmes from the School of Computing, Communications and Electronics, 2007-2008, 6, 124. Original article available here


Social engineering refers to a number of techniques that are used to exploit human vulnerabilities and manipulate people into breaking normal security procedures. Evidence suggests that this problem is rapidly increasing and cyber criminals are using a magnitude of different avenues to reach their intended victims. This paper presents an assessment of people's vulnerabilities in relation to personal and sensitive data. The experiment used an online web survey which comprised of both direct and non-direct social engineering attack scenarios. In addition the survey measured and assessed the level of risk that social networking users are currently exposing themselves to. The results showed that respondent's security awareness levels had improved on previous studies but significant problems still existed with user's abilities to detect and appropriately respond to social engineering threats.