Risk as affect: the affect heuristic in cybersecurity

Paul van Schaik*, Karen Renaud, Jurjen Jansen, Joseph Onibokun

*Corresponding author for this work

Research output: Contribution to journalArticle

Abstract

Risk perception is an important driver of netizens’ (Internet users’) cybersecurity behaviours, with a number of factors influencing its formation. It has been argued that the affect heuristic can be a source of variation in generic risk perception. However, a major shortcoming of the supporting research evidence for this assertion is that the central construct, affect, has not been measured or analysed. Moreover, its influence in the cybersecurity domain has not yet been tested. The contribution of the research reported in this paper is thus, firstly, to test the affect heuristic while measuring its three constructs: affect, perceived risk and perceived benefit and, secondly, to test its impact in the cybersecurity domain. By means of two carefully designed studies (N = 63 and N = 233), we provide evidence for the influence of the affect heuristic on risk perception in the cybersecurity domain. We conclude by identifying directions for future research into the role of affect and its impact on cybersecurity risk perception.
Original languageEnglish
Article number101651
Number of pages16
JournalComputers and Security
Volume90
Early online date19 Oct 2019
DOIs
Publication statusE-pub ahead of print - 19 Oct 2019

Fingerprint

Risk perception
heuristics
Internet
evidence
driver

Cite this

Schaik, Paul van ; Renaud, Karen ; Jansen, Jurjen ; Onibokun, Joseph. / Risk as affect : the affect heuristic in cybersecurity. In: Computers and Security. 2020 ; Vol. 90.
@article{72ed3655c5cd4ac684aca85f8950f927,
title = "Risk as affect: the affect heuristic in cybersecurity",
abstract = "Risk perception is an important driver of netizens’ (Internet users’) cybersecurity behaviours, with a number of factors influencing its formation. It has been argued that the affect heuristic can be a source of variation in generic risk perception. However, a major shortcoming of the supporting research evidence for this assertion is that the central construct, affect, has not been measured or analysed. Moreover, its influence in the cybersecurity domain has not yet been tested. The contribution of the research reported in this paper is thus, firstly, to test the affect heuristic while measuring its three constructs: affect, perceived risk and perceived benefit and, secondly, to test its impact in the cybersecurity domain. By means of two carefully designed studies (N = 63 and N = 233), we provide evidence for the influence of the affect heuristic on risk perception in the cybersecurity domain. We conclude by identifying directions for future research into the role of affect and its impact on cybersecurity risk perception.",
author = "Schaik, {Paul van} and Karen Renaud and Jurjen Jansen and Joseph Onibokun",
year = "2019",
month = "10",
day = "19",
doi = "10.1016/j.cose.2019.101651",
language = "English",
volume = "90",
journal = "Computers and Security",
issn = "0167-4048",
publisher = "Elsevier Limited",

}

Risk as affect : the affect heuristic in cybersecurity. / Schaik, Paul van; Renaud, Karen; Jansen, Jurjen; Onibokun, Joseph.

In: Computers and Security, Vol. 90, 101651, 01.03.2020.

Research output: Contribution to journalArticle

TY - JOUR

T1 - Risk as affect

T2 - the affect heuristic in cybersecurity

AU - Schaik, Paul van

AU - Renaud, Karen

AU - Jansen, Jurjen

AU - Onibokun, Joseph

PY - 2019/10/19

Y1 - 2019/10/19

N2 - Risk perception is an important driver of netizens’ (Internet users’) cybersecurity behaviours, with a number of factors influencing its formation. It has been argued that the affect heuristic can be a source of variation in generic risk perception. However, a major shortcoming of the supporting research evidence for this assertion is that the central construct, affect, has not been measured or analysed. Moreover, its influence in the cybersecurity domain has not yet been tested. The contribution of the research reported in this paper is thus, firstly, to test the affect heuristic while measuring its three constructs: affect, perceived risk and perceived benefit and, secondly, to test its impact in the cybersecurity domain. By means of two carefully designed studies (N = 63 and N = 233), we provide evidence for the influence of the affect heuristic on risk perception in the cybersecurity domain. We conclude by identifying directions for future research into the role of affect and its impact on cybersecurity risk perception.

AB - Risk perception is an important driver of netizens’ (Internet users’) cybersecurity behaviours, with a number of factors influencing its formation. It has been argued that the affect heuristic can be a source of variation in generic risk perception. However, a major shortcoming of the supporting research evidence for this assertion is that the central construct, affect, has not been measured or analysed. Moreover, its influence in the cybersecurity domain has not yet been tested. The contribution of the research reported in this paper is thus, firstly, to test the affect heuristic while measuring its three constructs: affect, perceived risk and perceived benefit and, secondly, to test its impact in the cybersecurity domain. By means of two carefully designed studies (N = 63 and N = 233), we provide evidence for the influence of the affect heuristic on risk perception in the cybersecurity domain. We conclude by identifying directions for future research into the role of affect and its impact on cybersecurity risk perception.

U2 - 10.1016/j.cose.2019.101651

DO - 10.1016/j.cose.2019.101651

M3 - Article

VL - 90

JO - Computers and Security

JF - Computers and Security

SN - 0167-4048

M1 - 101651

ER -