Skip to main content

Security Behaviour, Risk Perceptions and Types of Rationality

Security Behaviour, Risk Perceptions and Types of Rationality

Decisions in information security are influenced by the decision-maker’s subjective perceptions of risk. This fact holds for security professionals, e.g. CISOs, who, in the lack of an established economic model have to invest in security controls. It also holds for any other security-related decision, e.g. on users’ behaviours online or why some groups fall more easily for scams and frauds than others (including social engineering and phishing). Additionally to subjectivity, biases and heuristics also influence choices and behaviour. The immediate result is that although humans are often considered as fully rational agents when making decisions (the so-called ‘homo economicus’), such behaviour is not empirically observed. Instead, we – as humans – tend to utilize different types of ‘rationality’ for our choices. Thus, subjectivity, expressed, for example, as preferences, biases, and distorted risk perceptions, and they type of ‘rationality’ utilized along with heuristics, constitute key factors for explaining decisions.    

  • Konstantinos Mersinas (ISG, HIVE) 
  • Keith Martin (ISG) 
  • Bjoern Hartig (Economics) 
  • Andy Selzer (Economics) 
  • Dawn Watling (Psychology, HIVE) 
  • Jane Marriott (Law, HIVE) 

Mersinas, K., Sobb, T., Sample, C., Bakdash, J.Z. and Ormrod, D. (2019) October. Training Data and Rationality. In ECIAIR 2019 European Conference on the Impact of Artificial Intelligence and Robotics(p. 225).  

Mersinas, K., Hartig, B., Martin, K. M., & Seltzer, A. (2016). Are information security professionals expected value maximizers?: An experiment and survey-based test. Journal of Cybersecurity2(1), 57-70. 

Mersinas, K., Hartig, B., Martin, K. M., & Seltzer, A. (2016, June). Measuring Attitude towards Risk Treatment Actions amongst Information Security Professionals: an Experimental Approach. In Workshop on the Economics of Information Security, Berkeley, CA.  

Mersinas, K., Hartig, B., Martin, K. M., & Seltzer, A. (2015, June). Experimental Elicitation of Risk Behaviour amongst Information Security Professionals. Workshop on the Economics of Information Security, Delft, The Netherlands. 

 

Impact: our behavioural experiments have been cited in the 2018 direction-setting report ‘Cyber Risk Economics Capability Gaps Research Strategy’ by the U.S. Department of Homeland Security. 

Funding (HIVE) 

  • Strategic Knowledge Exchange Collaborations: Internal competition, (£22,000), 2020. 
  • Research consultancy with KPMG Netherlands, (£25,000), 2019. 
  • Two projects initially funded by the Higher Education Innovation Fund (HEIF), 2018: 
    i) Protecting adolescents from cyberbullying / cyberstalking, 
    ii) Protecting the elderly from financial abuse. 

 

HIVE - Hub for research into Interdisciplinary Vulnerability to Exploitation 

http://pc.rhul.ac.uk/sites/hive/ 

Explore Royal Holloway

Get help paying for your studies at Royal Holloway through a range of scholarships and bursaries.

There are lots of exciting ways to get involved at Royal Holloway. Discover new interests and enjoy existing ones

Heading to university is exciting. Finding the right place to live will get you off to a good start

Whether you need support with your health or practical advice on budgeting or finding part-time work, we can help

Discover more about our 21 departments and schools

Find out why Royal Holloway is in the top 25% of UK universities for research rated ‘world-leading’ or ‘internationally excellent’

Royal Holloway is a research intensive university and our academics collaborate across disciplines to achieve excellence.

Discover world-class research at Royal Holloway

Discover more about who we are today, and our vision for the future

Royal Holloway began as two pioneering colleges for the education of women in the 19th century, and their spirit lives on today

We’ve played a role in thousands of careers, some of them particularly remarkable

Find about our decision-making processes and the people who lead and manage Royal Holloway today