The research article explores the influence of optimism bias on decision-making in cyber risk management, and introduces a novel model that integrates utility loss aversion — a previously unexplored factor in this context. The study finds that decision-makers who have self-protection as their primary reference point tend to underinvest in additional cyber risk management measures, providing support for the optimism bias observed in the cyber-insurance market. Additionally, individuals with higher levels of loss aversion demonstrate a reluctance to invest in supplementary cyber risk mitigation strategies.
Taken together, these findings offer an explanation for the low demand for cyber-insurance. This lack of investment not only affects corporate risk management strategies, but also has broader consequences for public policy and the management of systemic cyber risks that can have substantial economic and societal impacts. By introducing the concept of utility loss aversion, the study sheds light on the cognitive underpinnings that drive decision-making in cyber risk management, providing valuable insights for policymakers, businesses and individuals alike.
###
References
DOI
Original Source URL
https://doi.org/10.1016/j.risk.2024.100001
Journal