Mousa Jari^1,3, Kovila Coopamootoo² and Rasha Ibrahim¹, ¹Newcastle University, UK,
²King's College London, UK, ³King Saud University, Saudi Arabia

Amid growing concerns about security and privacy, and their impact on decision-making, researchers have sought to understand the reasons behind users' seemingly risky behaviour in disregarding security advice. In this study, we delve into the perceptions of security experts on end users' threat models and their cybersecurity practices and habits. This research explores the perceptions of security and privacy experts regarding end users’ threat models and their behaviours in relation to cybersecurity. A survey was conducted with 55 experts, including 27 females and 28 males, to gain insights into end users' habits, practices, and feelings from the perspective of security experts. The study reveals that end-users express moderate concern about privacy and security while carrying out their daily tasks. However, security experts believe that end-users tend to be passive towards organisational security policies, and their lack of knowledge about these policies which may lead to negative feelings. Additionally, experts perceive that end-users may be unaware of security measures, have difficulties understanding security concepts, and are at high risk of falling victim to phishing attacks by opening attachments and clicking on unknown links.

Security, Privacy, Policies, Phishing, Experts & End-users.