Bias and noise in security risk assessments, an empirical study on the information position and confidence of security professionals

Johan de Wit*, Wolter Pieters, Pieter van Gelder

*Corresponding author for this work

Research output: Contribution to journalArticleScientificpeer-review

20 Downloads (Pure)

Abstract

Professionals working in both the physical and cybersecurity domain need to assess and evaluate security risks. As information on risks in general and security risks in particular is often imperfect and intractable, these professionals are facing a challenge in judging both likelihood and consequences, but how much do their existing psychological biases play a role in these judgments? In this paper, we present new empirical evidence on the perception of the information position and confidence levels of security professionals, the influence of detailed information and the conjunction fallacy, and the level of noise in security assessments. This paper adds to the literature by examining, for the first time, risk assessments by professionals in realistic, real life, security cases. The results show clear indications for overconfidence, comparative ignorance, influence of the conjunction fallacy, and influence of individual experience on security decision making in the professional security domain. The observed phenomena might have far reaching effects on security risk management in organizations and society.
Original languageEnglish
Pages (from-to)170-191
Number of pages22
JournalSecurity Journal
Volume37
Issue number1
DOIs
Publication statusPublished - 2023

Bibliographical note

Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.

Keywords

  • Confidence
  • Conjunction fallacy
  • Decision biases
  • Information position
  • Noise
  • Security assessment

Fingerprint

Dive into the research topics of 'Bias and noise in security risk assessments, an empirical study on the information position and confidence of security professionals'. Together they form a unique fingerprint.

Cite this