NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.
Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.
An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
"A five-year-old could understand it" versus "This is way too confusing": Exploring Non-expert Understandings and Perceptions of Cybersecurity Definitions
Published
Author(s)
Lorenzo Neil, Charlotte Healy, Julie Haney
Abstract
Experts struggle with explaining cybersecurity in a language and tone appropriate for non-expert audiences. This communication gap may make it difficult for a broad and diverse audience to fully engage in cybersecurity. Fundamental forms of communication, such as definitions, can be for a means for experts to communicate cybersecurity concepts to non-experts. To explore how non-experts perceive cybersecurity definitions and identify potential areas of misunderstanding and misconception,} we performed a semi-structured interview study with 30 non-experts of different generations (ages) and education levels. Our findings reveal that non-experts may have incomplete mental models of cybersecurity, misinterpret terms and concepts commonly used in definitions, and express strong preferences for how cybersecurity is defined. While our study focuses on definitions, our results have broader implications for how cybersecurity should be communicated to a diverse range of individuals.
Proceedings Title
Proceedings of the Association of Computing Machinery CHI conference on Human Factors in Computing Systems
Neil, L.
, Healy, C.
and Haney, J.
(2025),
"A five-year-old could understand it" versus "This is way too confusing": Exploring Non-expert Understandings and Perceptions of Cybersecurity Definitions, Proceedings of the Association of Computing Machinery CHI conference on Human Factors in Computing Systems, Yokohama, JP, [online], https://doi.org/10.1145/3706598.3713820, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=958789
(Accessed October 9, 2025)