Search for: All records

Despite ground-breaking technological advances, scientists still have difficulty patching one of the most threatening bugs in the cyber world: human error. Individuals constitute a unique vulnerability in cybersecurity because they systematically make errors when perceiving their own risk. Specifically, individuals underestimate their own susceptibility to cyber-attacks. Among the most common ways companies seek to improve security is presenting clients and employees with base rate information on the prevalence of cyber threats and the likelihood of the general population to succumb to them. This strategy is intended to increase the accuracy with which clients and employees assess their threat levels. However, outcomes typically fall short of this goal. We review the differential use of base rate information as a cognitive and motivational bias that contributes to forecasting errors and accuracy in self and social risk assessment. We also examine two dimensions of sociocultural orientation: individualism-collectivism and tightness-looseness-and their potential influence on the use of base rate information. We discuss implications for interventions that could mitigate the threat of cyber-attacks 

How do people assess the likelihood of personal risk in online activity? In three pilot experiments and one preregistered experiment, we tested the motivational and cognitive mechanisms that shape self and social judgments of cyber security. In Pilot Studies 1–3, we probed for evidence of differential use of base rate information in forecasting the likelihood oneself or another person would engage in a risky behavior. In the preregistered experiment, we gathered direct evidence of differential use of base rate information through covert eye-tracking. Data suggest people self-enhance when assessing risk, believing they are less likely than others to engage in actions that pose a threat to their cyber security, particularly because they rely less on base rate information when predicting their own behavior compared to others’ behavior. Self and social judgments were not different when scenarios posed no risk. We discuss implications for self-insight and interventions to curb risky behavior in online activity.