IDEAS home Printed from https://ideas.repec.org/a/spr/infosf/v25y2023i3d10.1007_s10796-022-10274-5.html
   My bibliography  Save this article

Detecting Cybersecurity Threats: The Role of the Recency and Risk Compensating Effects

Author

Listed:
  • Roozmehr Safi

    (University of Missouri—Kansas City)

  • Glenn J. Browne

    (Texas Tech University)

Abstract

Detecting and responding to information security threats quickly and effectively is becoming increasingly crucial as modern attackers continue to engineer their attacks to operate covertly to maintain long-term access to victims’ systems after the initial penetration. We conducted an experiment to investigate various aspects of decision makers’ behavior in monitoring for threats in systems that potentially have been compromised by intrusions. In checking for threats, decision makers showed a recency effect: they deviated from optimal monitoring behavior by altering their checking pattern in response to recent random incidents. Decision makers’ monitoring behavior was also adversely affected when there was an increase in security, exhibiting a risk compensating behavior through which heightened security leads to debilitated security behaviors. Although the magnitude of the risk compensating behavior was significant, it was not enough to fully offset the benefits from added security. We discuss implications for theory and practice of information security.

Suggested Citation

  • Roozmehr Safi & Glenn J. Browne, 2023. "Detecting Cybersecurity Threats: The Role of the Recency and Risk Compensating Effects," Information Systems Frontiers, Springer, vol. 25(3), pages 1277-1292, June.
    • Handle: RePEc:spr:infosf:v:25:y:2023:i:3:d:10.1007_s10796-022-10274-5
    DOI: 10.1007/s10796-022-10274-5
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1007/s10796-022-10274-5
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.
    File URL: https://libkey.io/10.1007/s10796-022-10274-5?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Rachel Croson & James Sundali, 2005. "The Gambler’s Fallacy and the Hot Hand: Empirical Data from Casinos," Journal of Risk and Uncertainty, Springer, vol. 30(3), pages 195-209, May.
    2. Eunkyung Kweon & Hansol Lee & Sangmi Chai & Kyeongwon Yoo, 2021. "The Utility of Information Security Training and Education on Cybersecurity Incidents: An empirical evidence," Information Systems Frontiers, Springer, vol. 23(2), pages 361-373, April.
    3. Hwee-Joo Kam & Thomas Mattson & Sanjay Goel, 2020. "A Cross Industry Study of Institutional Pressures on Organizational Effort to Raise Information Security Awareness," Information Systems Frontiers, Springer, vol. 22(5), pages 1241-1264, October.
    4. Allen C Johnston & Merrill Warkentin & Maranda McBride & Lemuria Carter, 2016. "Dispositional and situational factors: influences on information security policy violations," European Journal of Information Systems, Taylor & Francis Journals, vol. 25(3), pages 231-251, May.
    5. Matthew Rabin, 2002. "Inference by Believers in the Law of Small Numbers," The Quarterly Journal of Economics, President and Fellows of Harvard College, vol. 117(3), pages 775-816.
    6. Mansooreh Ezhei & Behrouz Tork Ladani, 2020. "Interdependency Analysis in Security Investment against Strategic Attacks," Information Systems Frontiers, Springer, vol. 22(1), pages 187-201, February.
    7. Thomas Stafford & George Deitz & Yaojie Li, 2018. "The role of internal audit and user training in information security policy compliance," Managerial Auditing Journal, Emerald Group Publishing Limited, vol. 33(4), pages 410-424, March.
    8. Chong, Alberto & Restrepo, Pascual, 2017. "Regulatory protective measures and risky behavior: Evidence from ice hockey," Journal of Public Economics, Elsevier, vol. 151(C), pages 1-11.
    9. Shuyuan Mary Ho & Merrill Warkentin, 2017. "Leader’s dilemma game: An experimental design for cyber insider threat research," Information Systems Frontiers, Springer, vol. 19(2), pages 377-396, April.
    10. repec:eme:maj000:maj-07-2017-1596 is not listed on IDEAS
    11. Leonard Evans, 1986. "Comments on Wilde's Notes on “Risk Homeostasis Theory and Traffic Accident Data”," Risk Analysis, John Wiley & Sons, vol. 6(1), pages 103-107, March.
    12. Leonard Evans, 1986. "Risk Homeostasis Theory and Traffic Accident Data," Risk Analysis, John Wiley & Sons, vol. 6(1), pages 81-94, March.
    13. Andy Weeger & Xuequn Wang & Heiko Gewald & Mahesh Raisinghani & Otavio Sanchez & Gerald Grant & Siddhi Pittayachawan, 2020. "Determinants of Intention to Participate in Corporate BYOD-Programs: The Case of Digital Natives," Information Systems Frontiers, Springer, vol. 22(1), pages 203-219, February.
    14. Peltzman, Sam, 1975. "The Effects of Automobile Safety Regulation," Journal of Political Economy, University of Chicago Press, vol. 83(4), pages 677-725, August.
    15. Susan Laury & Melayne McInnes & J. Swarthout, 2009. "Insurance decisions for low-probability losses," Journal of Risk and Uncertainty, Springer, vol. 39(1), pages 17-44, August.
    16. Vernon L. Smith, 1994. "Economics in the Laboratory," Journal of Economic Perspectives, American Economic Association, vol. 8(1), pages 113-131, Winter.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Semmens, John & Kresich, Dianne, 1987. "What If Everything We Know About Safety Is Wrong?," Journal of the Transportation Research Forum, Transportation Research Forum, vol. 28(1).
    2. Howard Kunreuther & Erwann Michel-Kerjan, 2015. "Demand for fixed-price multi-year contracts: Experimental evidence from insurance decisions," Journal of Risk and Uncertainty, Springer, vol. 51(2), pages 171-194, October.
    3. Dohmen, Thomas & Falk, Armin & Huffman, David & Marklein, Felix & Sunde, Uwe, 2009. "Biased probability judgment: Evidence of incidence and relationship to economic outcomes from a representative sample," Journal of Economic Behavior & Organization, Elsevier, vol. 72(3), pages 903-915, December.
    4. Lex Borghans & Bas ter Weel, 2008. "Understanding the Technology of Computer Technology Diffusion: Explaining Computer Adoption Patterns and Implications for the Wage Structure," Journal of Income Distribution, Ad libros publications inc., vol. 17(3-4), pages 37-70, September.
    5. Miller, Joshua Benjamin & Sanjurjo, Adam, 2018. "How Experience Confirms the Gambler's Fallacy when Sample Size is Neglected," OSF Preprints m5xsk, Center for Open Science.
    6. Elena Asparouhova & Michael Hertzel & Michael Lemmon, 2009. "Inference from Streaks in Random Outcomes: Experimental Evidence on Beliefs in Regime Shifting and the Law of Small Numbers," Management Science, INFORMS, vol. 55(11), pages 1766-1782, November.
    7. Si Chen, 2022. "Information and dynamic trading with the Gambler’s fallacy," Mathematics and Financial Economics, Springer, volume 16, number 1, June.
    8. Kim Kaivanto & Eike Kroll, 2014. "Alternation bias and reduction in St. Petersburg gambles," Working Papers 65600286, Lancaster University Management School, Economics Department.
    9. François Salanié & Nicolas Treich, 2020. "Public and private incentives for self-protection," The Geneva Risk and Insurance Review, Palgrave Macmillan;International Association for the Study of Insurance Economics (The Geneva Association), vol. 45(2), pages 104-113, September.
    10. Yanlong Sun & Hongbin Wang, 2010. "Gambler's fallacy, hot hand belief, and the time of patterns," Judgment and Decision Making, Society for Judgment and Decision Making, vol. 5(2), pages 124-132, April.
    11. He, Kevin, 2022. "Mislearning from censored data: The gambler's fallacy and other correlational mistakes in optimal-stopping problems," Theoretical Economics, Econometric Society, vol. 17(3), July.
    12. Nattavudh Powdthavee & Yohanes E. Riyanto, 2012. "Why Do People Pay for Useless Advice?," CEP Discussion Papers dp1153, Centre for Economic Performance, LSE.
    13. Daniel J. Benjamin, 2018. "Errors in Probabilistic Reasoning and Judgment Biases," NBER Working Papers 25200, National Bureau of Economic Research, Inc.
    14. Qingxia Kong & Georg D. Granic & Nicolas S. Lambert & Chung Piaw Teo, 2020. "Judgment Error in Lottery Play: When the Hot Hand Meets the Gambler’s Fallacy," Management Science, INFORMS, vol. 66(2), pages 844-862, February.
    15. Daniel L. Chen & Tobias J. Moskowitz & Kelly Shue, 2016. "Decision Making Under the Gambler’s Fallacy: Evidence from Asylum Judges, Loan Officers, and Baseball Umpires," The Quarterly Journal of Economics, President and Fellows of Harvard College, vol. 131(3), pages 1181-1242.
    16. Joshua B. Miller & Adam Sanjurjo, 2018. "Surprised by the Hot Hand Fallacy? A Truth in the Law of Small Numbers," Econometrica, Econometric Society, vol. 86(6), pages 2019-2047, November.
    17. Jürgen Huber & Michael Kirchler & Thomas Stöckl, 2010. "The hot hand belief and the gambler’s fallacy in investment decisions under risk," Theory and Decision, Springer, vol. 68(4), pages 445-462, April.
    18. Joshua B. Miller & Adam Sanjurjo, 2019. "Surprised by the Hot Hand Fallacy? A Truth in the Law of Small Numbers," Papers 1902.01265, arXiv.org.
    19. Andrew Royal, 2017. "Dynamics in risk taking with a low-probability hazard," Journal of Risk and Uncertainty, Springer, vol. 55(1), pages 41-69, August.
    20. Neszveda, G., 2019. "Essays on behavioral finance," Other publications TiSEM 05059039-5236-42a3-be1b-3, Tilburg University, School of Economics and Management.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:spr:infosf:v:25:y:2023:i:3:d:10.1007_s10796-022-10274-5. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.springer.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.