The influence of optimism bias and loss aversion of cyber risk management decisions

Published 04 September, 2024

We are excited to announce the publication of the first article on the KeAi journal, Risk Sciences, by renowned experts on cyber risk management, Martin Eling from University of St. Gallen and Kwangmin Jung from Pohang University of Science and Technology.

The research article explores the influence of optimism bias on decision-making in cyber risk management, and introduces a novel model that integrates utility loss aversion — a previously unexplored factor in this context. The study finds that decision-makers who have self-protection as their primary reference point tend to underinvest in additional cyber risk management measures, providing support for the optimism bias observed in the cyber-insurance market. Additionally, individuals with higher levels of loss aversion demonstrate a reluctance to invest in supplementary cyber risk mitigation strategies.

Taken together, these findings offer an explanation for the low demand for cyber-insurance. This lack of investment not only affects corporate risk management strategies, but also has broader consequences for public policy and the management of systemic cyber risks that can have substantial economic and societal impacts. By introducing the concept of utility loss aversion, the study sheds light on the cognitive underpinnings that drive decision-making in cyber risk management, providing valuable insights for policymakers, businesses and individuals alike.

Figure 1. The left panel displays indifference curves describing the optimality of staying on the reference point, whereas the right panel shows the indifference curve of the preference for cyber-insurance.

Contact author:

Kwangmin Jung, Department of Industrial and Management Engineering, POSTECH, South Korea. Email: kwjung@postech.ac.kr

Conflict of interest:

The author Martin Eling is an Editorial Board Member for Risk Sciences and was not involved in the editorial review or the decision to publish this article. The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

See the article:

Eling M., Jung K., Optimism bias and its impact on cyber risk management decisions, Risk Sciences, Volume 1, 2024, 100001, https://doi.org/10.1016/j.risk.2024.100001.

Back to News

Stay Informed

First name *

Surname *

Email address *

KeAi may contact you to share the latest updates about products, services, promotions, and events. If you do not wish to receive such messages, please check this box.