The Cyber Security Risks of Digital Hoarding
Hoarding behaviours associated with the accumulation of physical objects is the subject of a newly-diagnosed psychiatric disorder. Studies in clinical groups and community samples have begun to clarify the demographic, social, and psychological characteristics of individuals who hoard physical items. Our research has shown for example that hoarders hold strong emotional attachments to their possessions at the expense of attachments to other people, and tend to imbue their objects with human-like emotional responses (called ‘anthropomorphism’). Recently, the focus has turned to the potential problems associated with digital hoarding – the accumulation of digital material such as emails, photographs, files and apps. Studies of email storage within individuals and organisations have shown that some individuals do not delete emails, and many store them in an unsecured manner. There are cyber security risks associated with such hoarding behaviour, as the stored material could be mined for social engineering attacks, or used by disgruntled employees who have at their disposal a repository of confidential or possibly embarrassing material that may date back several years. In short, hoarding can create cyber security vulnerabilities within a company and could potentially lead to the release of classified or commercially-sensitive data.
In a series of quantitative surveys, we will explore the psychological characteristics of individuals who engage in digital hoarding. A key aspect will be the initial development and validation of a digital hoarding questionnaire using a large sample from Amazon Turk. We will then explore the social, demographic and psychological characteristics of digital hoarders from within large organisations (local authorities, emergency services, universities) and compare their characteristics with those known to be associated with physical hoarders. In addition, we can explore how staff think about and relate to the digital information that they have access to, and how they decide on whether or not to save it or delete it. The findings will enable organisations to develop and refine their data storage and data protection policies, digital security policies, and preserve their commercial integrity.