Risk as affect: The affect heuristic in cybersecurity

Exploring the Frontiers of Cybersecurity Behavior: A Systematic Review of Studies and Theories

Cybersecurity procedures and policies are prevalent countermeasures for protecting organizations from cybercrimes and security incidents. Without considering human behaviors, implementing these countermeasures will remain useless. Cybersecurity behavior has gained much attention in recent years. However, a systematic review that provides extensive insights into cybersecurity behavior through different technologies and services and covers various directions in large-scale research remains lacking. Therefore, this study retrieved and analyzed 2210 articles published on cybersecurity behavior. The retrieved articles were then thoroughly examined to meet the inclusion and exclusion criteria, in which 39 studies published between 2012 and 2021 were ultimately picked for further in-depth analysis. The main findings showed that the protection motivation theory (PMT) dominated the list of theories and models examining cybersecurity behavior. Cybersecurity behavior and intention behavior counted for the highest purpose for most studies, with fewer studies focusing on cybersecurity awareness and compliance behavior. Most examined studies were conducted in individualistic contexts with limited exposure to collectivistic societies. A total of 56% of the analyzed studies focused on the organizational level, indicating that the individual level is still in its infancy stage. To address the research gaps in cybersecurity behavior at the individual level, this review proposes a number of research agendas that can be considered in future research. This review is believed to improve our understanding by revealing the full potential of cybersecurity behavior and opening the door for further research opportunities.

Tackling Verification and Validation Techniques to Evaluate Cyber Situational Awareness Capabilities

Since cyberspace was identified as a domain of operations, defence practitioners started a race with academy, researchers, and industry and military organizations working together towards defining related lines of capability development (e.g., DOTMLPFI) and exploring the needs and opportunities they entail. An essential cornerstone of adapting to the convergence of the cyber domain with conventional theaters of operation is the need for producing tools for easing to acquire cyber situational awareness (CSA), from which human operators shall be able to perceive, reason and project situations and events observed in cyberspace that may vertically/horizontally propagate from technological to tactical, operational and strategic planes. Benefiting from the higher maturity level of civilian capabilities for cybersecurity, the military sector has embraced the challenge of creating related beyond state-of-the-art CSA enablers that comprise the existing technological background while adopting concepts such as operations, missions or courses of action (CoAs), properly aligning them with military doctrine. Beyond ongoing development efforts, there is a wide methodological gap in the lack of suitable CSA verification and validation (V&V) frameworks, which are expected to analyze if related capabilities meet the requirements to operate in the military context; at the same time supporting the thorough development life-cycle of brand new cyber defence technologies. With the motivation of closing the identified gap, this research introduces a novel V&V framework able to guide the evaluation of CSA-related tools, which makes converge purely military aspects with dual-use state-of-the-art V&V approaches. Three core CSA evaluation concepts are discussed in-depth: software, operational and application tests. They range from the daily application of new capabilities to their ability to enable the acquisition of a joint operational picture understandable by human decision makers.

College Students’ Entrepreneurial Intention and Alertness in the Context of the COVID-19 Pandemic

This research aims to explore how the COVID-19 pandemic has affected college students’ entrepreneurial intention (EI), as well as whether the well-studied link between entrepreneurial alertness (EA) and EI is involved. Data were collected from 612 respondents, and using the stepwise regression method we examined the moderating role of college students’ perceived risk of COVID-19 on the connection between EA and EI. The results show that students’ perceived risk of COVID-19 reduces their EI. Furthermore, the perceived risk of COVID-19 attenuates the relationship between EA and EI. Specifically, those who perceived a greater risk tended to show lower EI. This article contributes to a better understanding of how the relationship between EA and EI has changed during the pandemic.

Decision-Makers’ Understanding of Cyber-Security’s Systemic and Dynamic Complexity: Insights from a Board Game for Bank Managers

Cyber-security incidents show how difficult it is to make optimal strategic decisions in such a complex environment. Given that it is hard for researchers to observe organisations’ decision-making processes driving cyber-security strategy, we developed a board game that mimics this real-life environment and shows the challenges of decision-making. We observed cyber-security experts participating in the game. The results showed that decision-makers who performed poorly tended to employ heuristics, leading to fallacious decision approaches (overreaction strategies in place of proactive ones), and were not always aware of their poor performances. We advocate the need for decision support tools that capture this complex dynamic nature.

Tourists’ Safety Perception Clues in the Urban Forest Environment: Visual Quality, Facility Completeness, Accessibility—A Case Study of Urban Forests in Fuzhou, China

The service quality and safety perception of urban forests are important factors that influence tourists to choose them as recreation destinations. This study aims to propose a theoretical model of multivariate relationships to explore the relationship between service quality (including visual quality, facility completeness, and accessibility) and safety perception to examine whether visual quality, facility completeness, and accessibility on tourists’ safety perception in the urban forest and to explain the specific reasons for the impact. We collected sample data from many urban forest green spaces in Fuzhou through a two-stage field survey (N = 891), and controlling for potential confounders, a structural equation model was used to estimate relationships. Safety perception was divided into safety environment perception, control perception, and safety emotion. Visual quality of an urban forest positively affected safety emotion. Traffic accessibility positively affected control perception. Facility completeness had a positive impact on safety emotion and control perception. Both safety emotion and control perception played an important intermediary role in improving the perception of a safe environment in the multivariate model. Visual quality, facility completeness, and accessibility all had a positive impact on tourists’ safety perception of urban forests. The findings suggest that improving the service quality of a green space can effectively improve tourists’ evaluation of the safety of the urban forest environment. Specifically, tourists’ psychological tolerance to threats and their self-confidence in survival can be enhanced by improving the service quality of a green space.

The Landscape of Risk Perception Research: A Scientometric Analysis

Risk perception is important in organizational and societal governance contexts. This article presents a high-level analysis of risk perception research using Web of Science core collection databases, scientometrics methods and visualization tools. The focus is on trends in outputs, geographical and temporal trends, and patterns in the associated scientific categories. Thematic clusters and temporal dynamics of focus topics are identified using keyword analysis. A co-citation analysis is performed to identify the evolution of research fronts and key documents. The results indicate that research output is growing fast, with most contributions originating from western countries. The domain is highly interdisciplinary, rooted in psychology and social sciences, but branching into domains related to environmental sciences, medicine, and engineering. Significant research themes focus on perceptions related to health, with a focus on cancer, human immunodeficiency virus, and epidemiology, natural hazards and major disasters, traffic accidents, technological and industrial risks, and customer trust. Risk perception research originated from consumer choice decisions, with subsequent research fronts focusing on understanding the risk perception concept, and on developing taxonomies and measurement methods. Applied research fronts focus on environmental hazards, traffic accidents, breast cancer and, more recently, e-commerce transactions and flood risk. Based on the results, various avenues for future research are described.