Accepted for/Published in: Journal of Medical Internet Research
Date Submitted: Oct 27, 2024
Date Accepted: Jan 16, 2026
Warning: This is an author submission that is not peer-reviewed or edited. Preprints - unless they show as "accepted" - should not be relied on to guide clinical practice or health-related behavior and should not be reported in news media as established information.
Can the Cognitive Dissonance (CD) concept help to mitigate phishing susceptibility in healthcare?
ABSTRACT
Background:
Phishing attacks are a pervasive global threat across multiple sectors, especially healthcare, where attackers exploit psychological factors to increase susceptibility among healthcare staff. Cognitive dissonance, a psychological concept describing the discomfort experienced when an individual holds conflicting beliefs or attitudes, may be a critical factor influencing adherence to cybersecurity practices. Just as hunger motivates actions to alleviate discomfort, cognitive dissonance prompts individuals to seek internal consistency, potentially influencing their response to phishing attempts.
Objective:
This study examines the role of cognitive dissonance in reducing phishing susceptibility among healthcare staff. Through a controlled, in-the-wild phishing simulation, cognitive dissonance was assessed as an independent variable to understand its impact on staff compliance with security practices.
Methods:
A two-stage controlled experiment design was used, including self-reported assessments and real-world security practice observations. A total of 830 participants, comprising doctors and nurses from a major hospital in Norway, participated in the experiment. Participants were divided into control, experimental, and neutral groups, with susceptibility rates recorded at 65% in the control group, 44% in the experimental group, and 53% in the neutral group. Statistical analysis, specifically Pillai’s Trace assessment, was used to evaluate differences in actual behavior, perceived severity, and cues to action.
Results:
Significant differences were observed in participants' responses, suggesting that cognitive dissonance may influence susceptibility to phishing attacks by affecting their perception of risk and cues to action.
Conclusions:
This study highlights the potential of leveraging cognitive dissonance as a psychological tool to reduce phishing susceptibility in healthcare. Practical recommendations are provided to help healthcare institutions apply cognitive dissonance strategies in cybersecurity training to foster more resilient security practices among staff.
Copyright
© The authors. All rights reserved. This is a privileged document currently under peer-review/community review (or an accepted/rejected manuscript). Authors have provided JMIR Publications with an exclusive license to publish this preprint on its website for review and ahead-of-print citation purposes only. While the final peer-reviewed paper may be licensed under a CC BY license on publication, at this stage authors and publisher expressly prohibit redistribution of this draft paper other than for review purposes.