
Detecting Cybersecurity Threats: The Role of the Recency and Risk Compensating Effects

Author

Listed:
  • Roozmehr Safi

    (University of Missouri—Kansas City)

  • Glenn J. Browne

    (Texas Tech University)

Abstract

Detecting and responding to information security threats quickly and effectively is becoming increasingly crucial as modern attackers continue to engineer their attacks to operate covertly to maintain long-term access to victims’ systems after the initial penetration. We conducted an experiment to investigate various aspects of decision makers’ behavior in monitoring for threats in systems that potentially have been compromised by intrusions. In checking for threats, decision makers showed a recency effect: they deviated from optimal monitoring behavior by altering their checking pattern in response to recent random incidents. Decision makers’ monitoring behavior was also adversely affected when there was an increase in security, exhibiting a risk compensating behavior through which heightened security leads to debilitated security behaviors. Although the magnitude of the risk compensating behavior was significant, it was not enough to fully offset the benefits from added security. We discuss implications for theory and practice of information security.

Suggested Citation

  • Roozmehr Safi & Glenn J. Browne, 2023. "Detecting Cybersecurity Threats: The Role of the Recency and Risk Compensating Effects," Information Systems Frontiers, Springer, vol. 25(3), pages 1277-1292, June.
  • Handle: RePEc:spr:infosf:v:25:y:2023:i:3:d:10.1007_s10796-022-10274-5
    DOI: 10.1007/s10796-022-10274-5

    Download full text from publisher

    File URL: http://link.springer.com/10.1007/s10796-022-10274-5
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.



