Abstract
This study provides an analysis of individual perceptions of cyber risks amongst professional decision makers. Data are collected using a survey of corporate professionals who are engaged in risk and insurance decision-making in various functional roles mainly in large companies. The study focuses on the perceived probability as well as the anticipated financial impact of cyber risks. Behavioural factors - the availability heuristic, threshold level of concern, degree of worry and trust in one's own organisation's capabilities - are found to have significant influences on the perceived probability and impact of cyberattacks. The probability of a successful cyberattack is overestimated, and the financial impact is underestimated. Given the high perceived expected value of cyberattack losses relative to the costs of cyber risk insurance, it appears that professional decision makers deviate from the expected value-based decision-making by being reluctant to insure for cyber risk.
Original language | English |
---|---|
Pages (from-to) | 239-274 |
Number of pages | 36 |
Journal | Geneva Papers on Risk and Insurance: Issues and Practice |
Volume | 43 |
Issue number | 2 |
DOIs | |
Publication status | Published - 1 Apr 2018 |
Keywords
- availability heuristic
- insurance demand
- intuitive thinking
- risk perceptions