Risk as affect: the affect heuristic in cybersecurity

The affect heuristic has been frequently cited, without much direct examination of the central construct. In this paper we examine the relationship between affect, perceived risk and perceived benefit in the domain of cybersecurity.


Risk perception is an important driver of netizens' (Internet users') cybersecurity behaviours, with a number of factors influencing its formation. It has been argued that the affect heuristic can be a source of variation in generic risk perception. However, a major shortcoming of the supporting research evidence for this assertion is that the central construct, affect, has not been measured or analysed. Moreover, its influence in the cybersecurity domain has not yet been tested. The contribution of the research reported in this paper is thus: firstly, to test the affect heuristic while measuring its three constructs: affect, perceived risk and perceived benefit and, secondly, to test its impact in the cybersecurity domain. By means of two carefully designed studies (N = 63 and N = 233), we provide evidence for the influence of the affect heuristic on risk perception in the cybersecurity domain. We conclude by identifying directions for future research into the role of affect and its impact on cybersecurity risk perception.

Direct link to paper from publisher

Link to open repository version of paper

Christopher J Wilson
Christopher J Wilson
Associate Professor of Psychology

Experimental psychologist with interest in decision making, risk, attention, perception and virtual reality. Open to collaborations with researchers, third sector organisations and industry in the areas of financial decision-making, efficacy of financial education, the effects of psychological stress/distress on financial behaviour. I code lab & web-based behavioural studies using JavaScript / python. I use fNIRS, Eyetracking and VR in research. I conduct analysis in R. https://research.tees.ac.uk/en/persons/chris-wilson