Risk as affect: the affect heuristic in cybersecurity

Paul van Schaik*, Karen Renaud, Jurjen Jansen, Joseph Onibokun

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

12 Citations (Scopus)
410 Downloads (Pure)


Risk perception is an important driver of netizens’ (Internet users’) cybersecurity behaviours, with a number of factors influencing its formation. It has been argued that the affect heuristic can be a source of variation in generic risk perception. However, a major shortcoming of the supporting research evidence for this assertion is that the central construct, affect, has not been measured or analysed. Moreover, its influence in the cybersecurity domain has not yet been tested. The contribution of the research reported in this paper is thus, firstly, to test the affect heuristic while measuring its three constructs: affect, perceived risk and perceived benefit and, secondly, to test its impact in the cybersecurity domain. By means of two carefully designed studies (N = 63 and N = 233), we provide evidence for the influence of the affect heuristic on risk perception in the cybersecurity domain. We conclude by identifying directions for future research into the role of affect and its impact on cybersecurity risk perception.
Original languageEnglish
Article number101651
Number of pages16
JournalComputers and Security
Early online date19 Oct 2019
Publication statusPublished - 1 Mar 2020


  • Affect
  • Risk perception
  • Cybersecurity
  • Benefit perception
  • Affect heuristic


Dive into the research topics of 'Risk as affect: the affect heuristic in cybersecurity'. Together they form a unique fingerprint.

Cite this