Three Dimensions of User Risk-Taking: Individual Differences in the TriRB

Abstract

Ben-Asher and Meyer (2018) developed a model of risk-related behavior in computer systems, named the Triad of Risk-related Behavior (TriRB). It identified three behaviors – the exposure to risk, the use of security features and the responses to security indications. Various factors affected the three behaviors differently. We report an experiment with 83 participants who performed the Tetris-game like task, designed for studying the TriRB. We also collected data on four measures of individual differences in risk-taking (BART, DOSPERT and questionnaires on assessing risk aversion in the utility functions). We computed the correlations between the behaviors in the TriRB and the risk measures. Different risk measures were correlated with the three behaviors, supporting the notion that these are indeed three different risk-related behaviors and not expressions of a general underlying tendency to take risks. We discuss some implications of these findings for cybersecurity research and praxis.