Position Paper) Can we afford to remain apathetic towards security apathy

that apathy towards security is a serious and, as of yet, underexplored issue in HCI. Secure and trustworthy design will have difficulty to ever really succeed if the user's priorities and intentions are contrary to these goals. The reasons for and different manifestations of security apathy have to be explored more thoroughly so that future design solutions can be evaluated not only on their success in general but also on how well they counteract varying degrees of security apathy. We want to push towards a more extensive approach towards security apathy, so that it will be possible to directly evaluate (both formatively and quantitatively), prevent and/or counteract security apathy on an application-specific as well as on a general level - an important milestone in IT-security. We are currently developing a questionnaire to elicit the degree of security apathy in users. With a way to measure the degree of security apathy we will be able to directly evaluate security feedback solutions in terms of how well they cope with apathetic attitudes and behavior.