Risk as affect : the affect heuristic in cybersecurity

Risk perception is an important driver of netizens' (Internet users') cybersecurity behaviours, with a number of factors influencing its formation. It has been argued that the affect heuristic can be a source of variation in generic risk perception. However, a major shortcoming of the supporting research evidence for this assertion is that the central construct, affect, has not been measured or analysed. Moreover, its influence in the cybersecurity domain has not yet been tested. The contribution of the research reported in this paper is thus, firstly, to test the affect heuristic while measuring its three constructs: affect, perceived risk and perceived benefit and, secondly, to test its impact in the cybersecurity domain. By means of two carefully designed studies (N = 63 and N = 233), we provide evidence for the influence of the affect heuristic on risk perception in the cybersecurity domain. We conclude by identifying directions for future research into the role of affect and its impact on cybersecurity risk perception