Dancing Pigs or Externalities? Measuring the Rationality of Security Decisions

by   Elissa M. Redmiles, et al.

Accurately modeling human decision-making in security is critical to thinking about when, why, and how to recommend that users adopt certain secure behaviors. In this work, we conduct behavioral economics experiments to model the rationality of end-user security decision-making in a realistic online experimental system simulating a bank account. We ask participants to make a financially impactful security choice, in the face of transparent risks of account compromise and benefits offered by an optional security behavior (two-factor authentication). We measure the cost and utility of adopting the security behavior via measurements of time spent executing the behavior and estimates of the participant's wage. We find that more than 50 participants made rational (e.g., utility optimal) decisions, and we find that participants are more likely to behave rationally in the face of higher risk. Additionally, we find that users' decisions can be modeled well as a function of past behavior (anchoring effects), knowledge of costs, and to a lesser extent, users' awareness of risks and context (R2=0.61). We also find evidence of endowment effects, as seen in other areas of economic and psychological decision-science literature, in our digital-security setting. Finally, using our data, we show theoretically that a "one-size-fits"-all emphasis on security can lead to market losses, but that adoption by a subset of users with higher risks or lower costs can lead to market gains.



There are no comments yet.


page 5

page 9


Morshed: Guiding Behavioral Decision-Makers towards Better Security Investment in Interdependent Systems

We model the behavioral biases of human decision-making in securing inte...

BASCPS: How does behavioral decision making impact the security of cyber-physical systems?

We study the security of large-scale cyber-physical systems (CPS) consis...

Let's Gamble: Uncovering the Impact of Visualization on Risk Perception and Decision-Making

Data visualizations are standard tools for assessing and communicating r...

Effects of Social Cues on Biosecurity Compliance in Livestock Facilities: Evidence from Experimental Simulations

Disease outbreaks in U.S. animal livestock industries have economic impa...

A Reputation System for Marketplaces - Viability Assessment

In this work we explore the implementation of the reputation system for ...

Experimental Evidence for Using a TTM Stages of Change Model in Boosting Progress Toward 2FA Adoption

Behavior change ideas from health psychology can also help boost end use...

Let's Gamble: How a Poor Visualization Can Elicit Risky Behavior

Data visualizations are standard tools for assessing and communicating r...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.