Return to search

Cyber Risk Perception and Risk Prioritization Among Cyber Security Professionals

Cyber security is a fast-paced field, and it is important to understand what factors might drive the cyber professionals’ perception of risk when prioritizing risks. While gender differences have been previously observed in risk perception of cyber risks among non-professionals, this thesis will also look at years of experience as another aspect. The purpose of this thesis is to explore the subjective risk perception and risk prioritization among cyber security professionals. It seeks to study their risk perception and prioritization when they are assessing two specific risks on a risk assessment scale (risk matrix) even if the risks are assigned the same risk score. In this thesis, two specific types of risks (Social Engineering and System Intrusion) have been chosen for the risk descriptions, due to their common nature of cyber-attacks. To answer the thesis’ formulated questions, a quantitative study in the form of a questionnaire has been distributed to cyber security professionals (n=70) through professional networking channels. The results in this thesis revealed no significant relationship between risk prioritization and gender, nor between risk prioritization and years of experience. Risk perception was measured by the method of Walpole and Wilson (2021). For three of the four subscales (Affect, Exposure, Susceptibility) the cyber professionals perceived Risk A (Social Engineering) as statistically significantly higher than Risk B (System Intrusion). The results also showed that for both women and men, Risk A was perceived statistically significantly higher/larger than Risk B. There are some results in this thesis that align with previous research, however some are also indicating opposing findings. Traditionally, risk perception studies have focused on non-experts, and it is important to further explore the risk perception among professionals within a field since risk perception in general and in cyber security could be influenced by knowledge, expertise, and experience.

Identiferoai:union.ndltd.org:UPSALLA1/oai:DiVA.org:hig-44316
Date January 2024
CreatorsNaenfeldt, Christine
PublisherHögskolan i Gävle, Besluts-, risk- och policyanalys
Source SetsDiVA Archive at Upsalla University
LanguageEnglish
Detected LanguageEnglish
TypeStudent thesis, info:eu-repo/semantics/bachelorThesis, text
Formatapplication/pdf
Rightsinfo:eu-repo/semantics/openAccess

Page generated in 0.002 seconds