Heuristics and biases in cyber security dilemmas

We conducted 2 behavioral experiments to explore whether and how cyber security decision-making responses depend on gain–loss framing and salience of a primed recall prior experience. In Experiment I, we manipulated the frame (gain vs. loss) and the presence versus absence of a prior near-miss experience. Results suggest that the experience of a near-miss significantly increased respondents’ endorsement of safer response options under a gain frame. Overall, female respondents were more likely to select a risk averse (safe) response compared with males. Experiment II framed all consequences in a loss frame and manipulated recall to include one of three possible prior experiences: false alarm, near-miss, or a hit involving a loss of data. The manipulated prior hit experience significantly increased the likelihood of respondents’ endorsement of a safer response relative to the manipulated prior near-miss experience. Conversely, the manipulated prior false-alarm experience significantly decreased respondents’ likelihood of endorsing a safer response relative to the manipulated prior near-miss experience.