Organizations have been widely committed to cybersecurity awareness campaigns in recent years, often with limited success. Human error remains the main reason for security breaches and undesired data disclosure.

Research literature identifies two important causes for the lagging behind of cyber secure behavior. Firstly, a sense of personal relevance is lacking: people acknowledge the importance of cybersecurity but underestimate how relevant their own role is in achieving security. Secondly, people find it difficult to act cyber secure because security systems and protocols are often not sufficiently designed to be user-friendly. This PhD project investigates the cybersecurity tradeoffs people make in their willingness to disclose personal and sensitive information. Subsequently, with two case studies deployed at the Dutch ministry of Defense, it investigates if the extent to which sensitive information is disclosed can be limited by cybersecurity measures responding to these human tradeoffs.