Risk as affect: the affect heuristic in cybersecurity

Paul Van Schaik, Karen Renaud, Chris Wilson, Jurjen Jansen, Joseph Onibokun

Research output: Contribution to journalArticlepeer-review

47 Downloads (Pure)


Risk perception is an important driver of netizens' (Internet
users') cybersecurity behaviours, with a number of factors influencing
its formation. It has been argued that the affect heuristic can be a
source of variation in generic risk perception. However, a major
shortcoming of the supporting research evidence for this assertion is
that the central construct, affect, has not been measured or analysed.
Moreover, its influence in the cybersecurity domain has not yet been
tested. The contribution of the research reported in this paper is thus:
firstly, to test the affect heuristic while measuring its three
constructs: affect, perceived risk and perceived benefit and, secondly,
to test its impact in the cybersecurity domain. By means of two
carefully designed studies (N = 63 and N = 233), we provide evidence for
the influence of the affect heuristic on risk perception in the
cybersecurity domain. We conclude by identifying directions for future
research into the role of affect and its impact on cybersecurity risk
Original languageEnglish
Article number101651
JournalComputers and Security
Early online date19 Oct 2019
Publication statusPublished - 31 Mar 2020

Bibliographical note

Paul van Schaik, PhD, is a Professor in the Department of Psychology at Teesside University, United Kingdom. His research interests focus on applied cognitive psychology and include the psychology of human–computer interaction, information security and information privacy, technology acceptance, user experience, and the psychology of judgement and decision-making, and complex/big-data analysis.
Contact details: Prof. Paul van Schaik PhD, Department of Psychology, Sport and Exercise, School of Social Sciences, Humanities and Law, Teesside University, Middlesbrough, TS1 3BA, United Kingdom. E-mail: P.Van-Schaik@tees.ac.uk.

Karen Renaud, PhD, is a Scottish Computing Scientist and working on all aspects of Human-Centred Security and Privacy. She is Professor of Cyber Security at Abertay University in Dundee, Scotland. She was educated at the Universities of Pretoria, South Africa and Glasgow. Her research been funded by the Association of Commonwealth Universities, the Royal Society, the Royal Academy of Engineers and the Fulbright Commission. She is particularly interested in deploying behavioural science techniques to improve security behaviours, and in encouraging end-user privacy-preserving behaviours. Her research approach is multi-disciplinary, essentially learning from other, more established, fields and harnessing methods and techniques from other disciplines to understand and influence cyber security behaviours. Karen is associate editor for Transactions on Computer Forensics and Security, Information Technology and People, the International Journal of Human Computer Studies and the Journal of Intellectual Capital.
Contact details: Division of Cyber Security, School of Design & Informatics, Abertay University, Kydd Building, Bell Street, Dundee, DD1 1HG. E-mail: k.renaud@abertay.ac.uk

Jurjen Jansen, PhD, is a senior researcher at the Cybersafety Research Group of NHL Stenden University of Applied Sciences and the Dutch Police Academy. In 2018, he obtained his PhD in behavioural information security from the Open University of the Netherlands. His research interests include human aspects of information security, cybercrime, victimization, human-computer interaction and behavioural change.
Contact details: Cybersafety Research Group, NHL Stenden University of Applied Science and the Dutch Police Academy, Rengerslaan 8-10, 8917 DD Leeuwarden, the Netherlands. E-mail: j.jansen@nhl.nl.

Joseph Onibokun, PhD, is a senior e-marketing analyst at Sainsburys Bank, Edinburgh, United Kingdom. In 2012, he obtained his PhD on the topic of the acceptance of social networks from Teesside University, United Kingdom. His research interests are in human-computer interaction and behavioural computer security.
Contact details: Sainsburys Bank, 3 Lochside Avenue, Edinburgh Park, EH12 9DG, United Kingdom. E-mail: joseph.onibokun@yahoo.co.uk


Dive into the research topics of 'Risk as affect: the affect heuristic in cybersecurity'. Together they form a unique fingerprint.

Cite this