In 2015, the FBI's Internet Crime Complaints Center received 288,012 complaints of cybercrimes (FBI, 2015). About 40% of the reported cyber-attacks resulted in immediate monetary loss averaging $8421 for individuals; companies, on average, lost approximately $17 million per cyber-attack. Across the last five years, complaints have been roughly stable at about 300,000 per year (FBI, 2018). Typically, hackers often depend on a combination of technological and human vulnerabilities (Mitnick & Simon, 2002). We are focusing on reducing these vulnerabilities by improving user cyber hygiene (compliance with best practices) and situation awareness (making risk more transparent).

Cyber security breaches are highly publicized, so most end users are aware that they are at risk, but they do not know how to follow best practices. They often lack the understanding of the necessary cybersecurity actions and this can underlie inappropriate attitudes and behaviors. We recently surveyed users' cyber hygiene knowledge about a wide variety of topics (Cain, Edwards, & Still, 2018). For instance, users report the following about their passwords:

* 85% used personal information
* 46% used dictionary words
* 50% used the same password for multiple accounts
* 59% do not change their password
* 95% share their password with others

Top Ten Cyber Hygiene Best Practices (slide deck)

Improving Cyber Hygiene with AI:

Users' ability to recognize, comprehend, and anticipate the outcomes of cybersecurity threats is known as cyber situation awareness (CSA). Novice users not only demonstrate poor CSA, but poor understanding of how to respond to cyber threats. Current technology fails to draw a connection between users' poor cyber hygiene and their increased vulnerability to threats. We need AI solutions that utilize human-centered design to make this connection more transparent. To this end, we propose the Cyber Hygiene Intelligence and Performance (CHIP) prototype (see Mator & Still, 2021). Our solution provides users with actionable AI suggestions in the form of concise and situated notifications.