Understand ‘phishing’? Think again: why cybersecurity language is failing us – News

https://news.flinders.edu.au/blog/2026/06/22/understand-phishing-think-again-why-cybersecurity-language-is-failing-us/

Publish Date: 2026-06-22 01:42:00

Source Domain: news.flinders.edu.au

Cyberattacks now cost the global economy trillions, yet most people still struggle to understand what actually happens when a breach occurs.
Research by Associate Professor Sky Marsen, an applied linguist and Communications course director at Flinders University, and Professor Robert Biddle, a computer scientist based at Carleton University, Canada, suggests a surprising reason for this gap: the language used to explain cybersecurity may be part of the problem.
In an experimental study comparing “figurative” cybersecurity language (terms such as phishing, virus, or trojan) with more literal explanations, the authors found that people understood incidents significantly better when the language was clearer and less metaphorical.
This challenges a widespread assumption in science communication – that metaphors help non-experts grasp complex ideas. In cybersecurity, the opposite may be true.
“These terms weren’t designed for the public in the first place,” explains Associate Professor Marsen. “They emerged from inside hacker culture, and terms that may sound creative and playful within expert communities are often opaque to outsiders. When they are used in public communication, they can obscure rather than clarify what’s happening.”
Given the rise of cybersecurity concerns, Associate Professor Marsen says it’s timely to examine how non-experts understand cybersecurity words and metaphors – especially the figurative language created by computer scientists to describe cybersecurity incidents.
A lack of accurate information makes cybersecurity an issue that is difficult to clearly explain to the public – and this can lead to major losses for individuals and serious reputational damage for organizations.
“Organisations routinely tell customers they’ve been hit by phishing or a malware attack, but if people don’t fully understand what that means, they may not know how to respond or protect themselves,” says Associate Professor Marsen. “Worse is that unclear communication can downplay the responsibility of organisations, or leave users vulnerable.”
Using an online survey and two sets of cyberattack stories, one composed with figurative words and one composed with more literal versions, the study examines whether the use of metaphor and neologism clarifies or obfuscates the technical aspects of cybersecurity for non-experts.
The results showed participants in the literal set scored significantly better in comprehension. However, participants made important errors in both literal and figurative versions. This underlines the need for organizations to employ language strategically and provide more effective explanations of cybersecurity situations.
Associate Professor Marsen says a key takeaway from this research is that paying attention to language choices in professional communication is not just a stylistic choice but a public safety issue.
The research – “Grok hackspeak? Communicating cybersecurity with figurative language”, by Sky Marsen and Robert Biddle – has been published by the International Journal of Business Communication. https://journals.sagepub.com/doi/10.1177/23294884251329160